Identitycheck

Security checks across malware telemetry and agentic risk

Overview

This is a coherent IdentityCheck integration, but it gives an agent broad authenticated access to sensitive identity-verification data and raw API actions.

Install only if you trust Membrane and intend to grant agent-assisted access to IdentityCheck. Use a least-privileged account, prefer prebuilt Membrane actions over raw proxy requests, confirm any verification email or create/update/delete operation before it runs, minimize personal data sent, and revoke the connection when the work is complete.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The skill encourages initiating identity-verification emails and making direct proxy/API requests without explicitly requiring user confirmation or warning that sensitive personal data may be transmitted to a third-party identity-verification service. In an identity/KYC context, this increases the risk of privacy violations, unintended disclosure of PII, or sending verification flows to the wrong person.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal