Insperity Premier

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Insperity Premier HR integration, but it gives an agent broad write-capable access to sensitive HR and payroll data without enough built-in safeguards.

Review before installing. Use this only with an account that has the narrowest necessary Insperity Premier permissions, prefer predefined Membrane actions, and require explicit user approval before any create, update, delete, payroll, benefits, employee-record, policy, or company-record change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill explicitly documents a generic proxy capability that can issue arbitrary HTTP methods, including requests that modify and delete data, against an HR system handling sensitive employee, payroll, and benefits data. Without an accompanying warning to confirm destructive operations or caution about sensitive HR records, an agent could perform high-impact changes through direct API calls more easily than intended.

VirusTotal

65/65 vendors flagged this skill as clean.
