Splunk

Security checks across malware telemetry and agentic risk

Overview

This Splunk skill appears legitimate, but it gives agents broad authenticated Splunk access through Membrane, including raw API requests that could change or delete data without an explicit approval boundary.

Review before installing in production or security-sensitive Splunk environments. Use least-privilege Splunk credentials, prefer prebuilt Membrane actions over raw proxy requests, and require explicit user approval for any write, update, delete, or configuration-changing operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill exposes a generic proxy request mechanism to Splunk APIs without an explicit warning that arbitrary user data may be transmitted to an external service. In practice, this can encourage agents to forward sensitive prompts, records, or derived data to Splunk endpoints without clear user awareness or confirmation, increasing the risk of unintended data exfiltration or privacy violations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal