Banked

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Banked integration, but it gives an agent broad authenticated access to a payment API without clear safeguards for write or delete actions.

Install only if you trust Membrane and intend to connect a Banked account. Prefer pre-built Membrane actions, treat any raw proxy request as sensitive, confirm the exact endpoint, method, and payload before writes or deletes, and revoke the Banked/Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly encourages raw proxy requests to the Banked API, which can access or modify sensitive financial data, but it does not instruct the agent to obtain explicit user confirmation, limit scope, or warn about the sensitivity of the operation. In a banking/payment context, that omission increases the risk of unauthorized reads or writes, especially when the agent falls back from structured actions to generic API calls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal