Signal Sciences
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate-looking Signal Sciences integration, but it gives an agent broad authenticated control over a production security platform without clear safeguards for changes or deletes.
Install only if you trust Membrane and intend to let an agent access Signal Sciences. Use the least-privileged account available, limit the connection to the intended tenant or site, and require explicit approval before any create, update, or delete operation affecting rules, lists, users, or security settings.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.