Darwinbox

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Darwinbox HR integration, but it gives an agent broad ability to change sensitive HR records without clear confirmation safeguards.

Install only if you trust Membrane and are authorized to connect Darwinbox. Use a least-privilege or test Darwinbox account where possible, and require the agent to show the exact record, endpoint, HTTP method, fields, and expected effect before any employee, candidate, leave, attendance, or raw proxy write.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill advertises destructive HR operations such as rejecting candidates or updating leave status without any guidance to verify user intent, confirm risky changes, or distinguish read-only from write actions. In an agent setting, this increases the chance of unauthorized or mistaken modifications to sensitive personnel records and workflow state.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The proxy section enables arbitrary authenticated requests, including POST, PUT, PATCH, and DELETE, but does not warn that these can directly modify or delete live Darwinbox HR data. Because the skill targets an HRMS containing sensitive employee and recruitment information, omission of approval and scope controls materially raises the risk of damaging or unauthorized changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal