Cludo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Cludo integration that uses Membrane for authenticated API access, with no artifact evidence of hidden or malicious behavior.

Install only if you trust Membrane and are comfortable granting it access to your Cludo account. Review the login permissions, prefer least-privileged accounts for production data, and require explicit confirmation before the agent changes settings, modifies records, or runs DELETE-style requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is overly broad for a Cludo-specific integration: 'Manage data, records, and automate workflows' could match many unrelated user requests and cause the agent to invoke this skill outside its intended scope. Over-broad routing increases the chance of unintended external actions, data access, or API requests against the wrong system, especially because this skill supports authenticated network operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal