Bugherd

Security checks across malware telemetry and agentic risk

Overview

This is a coherent BugHerd integration, but it gives an agent broad authenticated ability to change BugHerd data and make raw API requests without clear approval boundaries.

Install only if you are comfortable granting an agent authenticated BugHerd access through Membrane. Use a least-privileged BugHerd account where possible, require explicit approval before create, update, delete, webhook, or raw proxy API calls, review the exact target project/task and request body, and revoke the connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents create, update, and proxy-request capabilities without explicit guardrails requiring user confirmation before state-changing actions. In an agent setting, this can lead to unintended modifications to BugHerd projects, tasks, comments, or webhooks if the model infers permission from ambiguous user requests.

VirusTotal

63/63 vendors flagged this skill as clean.
