Asana (PAT)
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent Asana command-line integration that uses a user-provided Asana token to perform disclosed Asana actions.
Install only if you trust the publisher with the Asana permissions granted by your PAT. Use a dedicated, revocable token if possible, supervise write actions that affect shared projects, and only run attachment uploads for files you intend to share in Asana.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.