Pobuca Connect
Security checks across malware telemetry and agentic risk
Overview
This Pobuca Connect integration is disclosed and not malicious, but it should be reviewed because it can run broad actions on business and user data through Membrane without clear built-in limits.
Install only if you trust Membrane with the Pobuca Connect data available to the connected account. Use a least-privileged Pobuca account where possible, review each action schema before running it, and require explicit confirmation before creating, updating, deleting, bulk-changing records, or managing users. Consider pinning the Membrane CLI version instead of using @latest.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.