Faraday

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a Faraday integration, but it mixes different Faraday product models and grants broad authenticated API access through Membrane, so users should review it before connecting an account.

Install only after confirming which Faraday service and account you intend to connect. Use a least-privileged account, review the Membrane login and connection target carefully, avoid create/export/webhook/proxy actions unless explicitly intended, and consider pinning or separately reviewing the Membrane CLI before global installation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill documents a generic authenticated proxy that can send arbitrary requests to the Faraday API, which substantially expands capability beyond the declared purpose. If invoked by an agent under a narrow user intent, this proxy could be abused to access, modify, or exfiltrate other Faraday resources available to the connected account.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The invocation text is broad enough to match almost any Faraday-related request, without clear limits on what operations the skill should perform. In an agentic system, overly broad triggering can cause the skill to be selected in situations where the user did not intend broad Faraday access, increasing the chance of unintended data access or state-changing operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal