Lean Technologies

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Lean Technologies integration, but it gives an agent broad authenticated access to sensitive financial workflows without clear approval limits.

Install only if you trust Membrane and need Lean Technologies automation. Use a least-privileged account, supervise every payment, deletion, beneficiary, user, or workflow change, prefer listed Membrane actions over raw proxy requests, and revoke the connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents direct network requests and potentially state-changing API operations without explicit guidance to warn the user or obtain confirmation before actions that may expose data or modify financial records. In a financial integration context, this increases the risk of unintended disclosure, accidental writes, or privacy-impacting operations being performed too casually.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal