Neterium

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Neterium integration, but it gives an agent broad authenticated access to sensitive fraud-prevention records without clear safeguards for write or delete actions.

Install only if you trust Membrane and need an agent to work with Neterium. Use a least-privileged Neterium/Membrane connection, prefer discovered Membrane actions over raw proxy calls, and require explicit approval before any create, update, delete, watchlist, profile, alert, webhook, or audit-log affecting operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly recommends direct proxy requests and documents mutating methods like POST, PUT, PATCH, and DELETE without requiring confirmation or warning that these operations may create, modify, or remove Neterium records. In a fraud-prevention platform handling sensitive compliance and identity data, this can enable unintended destructive changes or high-impact actions if an agent follows the guidance too eagerly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal