Dc Bank

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DC Bank integration, but it gives broad authenticated banking API access without enough guardrails for financial changes.

Install only if you trust Membrane and this skill with the relevant DC Bank account. Prefer listed Membrane actions over raw proxy requests, confirm any POST, PUT, PATCH, DELETE, transfer, account update, or transaction-related action before it runs, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description is broad enough to match many generic banking-related requests, which can cause the agent to invoke a powerful financial integration in situations where the user did not clearly intend DC Bank access. In a banking context, over-broad routing increases the chance of unnecessary account exposure, unintended data retrieval, or accidental execution of sensitive actions.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to send direct proxied requests to the bank API, but it does not require safety checks, user confirmation, or read-only defaults. Because this is a financial system, undocumented or arbitrary API calls could retrieve sensitive account data or trigger state-changing operations such as transfers, updates, or other account actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal