Kanban Tool

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Kanban Tool integration, but it lets an authenticated agent change, archive, delete, and broadly read project data without clear approval guardrails.

Review before installing. Use a least-privileged Kanban Tool/Membrane connection, manually approve every create, update, archive, delete, and direct proxy request, and limit the agent to specific boards or tasks whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents destructive operations like deleting or archiving tasks and subtasks without any guidance to confirm intent or warn the user before execution. In an agent setting, this increases the risk of accidental or prompt-induced destructive changes to project data, especially because task management actions are operationally sensitive and may affect shared team workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
