Honeycombio

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Honeycomb integration, but it gives agents broad API access that can change or delete Honeycomb resources without explicit guardrails.

Install only if you are comfortable allowing an agent to operate against your Honeycomb account through Membrane. Use a least-privilege Honeycomb connection where possible, prefer read-only queries, and manually review any POST, PUT, PATCH, or DELETE request before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description is overly broad ('Manage data, records, and automate workflows') and could cause the agent to invoke this integration for vague Honeycomb-related requests without clear scoping or confirmation. In a tool that can query and potentially mutate observability resources, ambiguous invocation boundaries increase the chance of unintended actions or unnecessary access to external systems.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explains how to run actions and raw proxy requests, including POST/PUT/PATCH/DELETE, but does not warn that these operations may create, modify, or delete Honeycomb data. Without an explicit warning or confirmation requirement, an agent may treat all listed operations as routine and perform destructive actions with insufficient user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.
