Hex
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent Hex integration, but it can give an agent broad authenticated access to a Hex workspace, including direct API requests that may change or delete data.
Install only if you are comfortable granting Membrane-mediated access to your Hex workspace. Use a least-privilege Hex/Membrane account where possible, avoid global latest-package installs if your environment requires pinned tooling, and require explicit review before the agent runs proxy requests or any POST, PUT, PATCH, or DELETE operation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.