Onespan

Security checks across malware telemetry and agentic risk

Overview

This OneSpan integration is coherent, but it gives an agent broad authenticated access to sensitive OneSpan data, including raw write and delete API calls without clear approval boundaries.

Install only if you are comfortable connecting OneSpan through Membrane. Use a least-privileged OneSpan account, review the permissions during login, explicitly approve any create, update, or delete operation before the agent runs it, prefer listed Membrane actions over raw proxy calls, and revoke the connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill documents a generic proxy request capability with arbitrary HTTP methods, paths, headers, and bodies, but does not warn that this can modify or delete production data. In an agent setting, that omission increases the chance of executing destructive API calls without user confirmation or adequate safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal