Belco Bv

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Belco B.V. integration that uses Membrane for authenticated API access, with the main caution that it can perform live data changes if the user asks it to.

Install this only if you intend to connect Belco B.V. through Membrane. Prefer discovered Membrane actions over raw proxy calls, review endpoints and payloads before sending them, and explicitly confirm any operation that creates, updates, or deletes live business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation description is broad enough that the skill may be selected for many generic requests involving Belco data, even when the user did not clearly intend to perform external-system operations. Overbroad matching increases the chance of unnecessary connection setup, data access, or action execution against a live business system without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents direct proxy requests and explicitly includes mutating HTTP methods like POST, PUT, PATCH, and DELETE without warning about side effects or recommending confirmation before write operations. In an agent setting, this can normalize unsafe execution paths and lead to unintended modification or deletion of remote Belco data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal