Apex 27

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Membrane-based Apex 27 connector, but it gives broad authenticated write and raw API access while the documentation is inconsistent and under-scoped.

Install only if you intend to use Membrane for Apex 27 access. Verify the Membrane CLI source, confirm the connector is for the Apex27 account and data model you expect, use the least-privileged account available, and require explicit user approval before any create, update, delete, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents write-capable actions and raw proxy requests without requiring confirmation, preview, or guardrails for destructive or state-changing operations. In an agent setting, this increases the risk of unintended modifications to external systems, especially if the model interprets a vague request as authorization to create, update, or directly call arbitrary endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal