Akana By Perforce

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Akana integration, but it gives an agent broad authenticated power to run raw Akana API requests, including write and delete methods, without clear safety limits.

Install only if you intend to let an agent operate on Akana through Membrane. Use a least-privileged Akana/Membrane account, verify the Membrane CLI package before installing, and require explicit approval before create, update, delete, or raw proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The top-level description is very broad: 'Manage data, records, and automate workflows' could match many ordinary enterprise requests and cause this skill to be selected in situations where Akana-specific access was not clearly intended. Over-broad routing increases the chance of unintended external actions, data exposure, or use of networked capabilities without sufficiently specific user intent.

Vague Triggers

Low

Confidence: 84% confidence
Finding: The guidance 'Use action names and parameters as needed' is underspecified and gives the agent little constraint on when particular actions are appropriate. In a network-enabled integration skill, ambiguous action-selection guidance can lead to overly aggressive or incorrect operations, especially if multiple actions have similar names or side effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal