Ibm X Force Exchange

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IBM X-Force Exchange integration that uses Membrane for authentication and API access, with no evidence of hidden or malicious behavior.

Install this only if you trust Membrane and are comfortable connecting it to IBM X-Force Exchange. Prefer the listed prebuilt actions, use least-privileged credentials where possible, and explicitly review any raw proxy request, especially POST, PUT, PATCH, DELETE, or requests containing sensitive investigation data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly documents a generic proxy mechanism that can send arbitrary requests to the external IBM X-Force Exchange API, while not requiring an explicit user-facing warning or confirmation before transmitting data. In an agent setting, this increases the risk that sensitive user-provided data, prompts, or derived context could be sent off-platform through a flexible request surface beyond the safer prebuilt actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal