Tableau

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tableau integration, but it gives an agent broad authenticated Tableau API access, including write and delete requests, without clear approval guardrails.

Install only if you are comfortable letting an agent use your Membrane/Tableau connection. Use a least-privilege Tableau account, verify or pin the Membrane CLI version where possible, and require manual approval before any POST, PUT, PATCH, DELETE, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill exposes a generic proxy request mechanism supporting destructive methods like POST, PUT, PATCH, and DELETE without guardrails or explicit confirmation requirements for mutating operations. In an agent setting, this increases the chance of unintended modification or deletion of Tableau resources if a prompt is ambiguous, malicious, or misunderstood.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal