Overledger

Security checks across malware telemetry and agentic risk

Overview

This markdown-only Overledger skill is not deceptive, but it gives an agent broad authenticated blockchain/API power without enough guardrails for high-impact actions.

Review before installing. Use a test or least-privilege Overledger/Membrane account, avoid granting wallet or payment authority unless needed, and require explicit approval before any transaction, trade, payment, credential change, workflow automation, or POST/PUT/PATCH/DELETE proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium (94% confidence)
The skill is framed as an Overledger integration, but the instructions authorize broad action discovery and raw proxied requests, which effectively expands capability far beyond a narrowly scoped data-access skill. In an agent setting, this can enable unintended read/write operations, API misuse, or execution of side-effecting actions without clear user understanding or guardrails.

Context-Inappropriate Capability

Low (84% confidence)
The documented use of `membrane connection ensure` can create new connections, apps, or connectors automatically, which exceeds a simple data interaction role and introduces environment-changing side effects. Even if intended for convenience, automatic provisioning can cause unauthorized integrations or broaden trust boundaries without sufficient review.

Vague Triggers

Medium (88% confidence)
The invocation condition 'use when the user wants to interact with Overledger data' is overly broad and leaves too much discretion to the agent about when to activate a skill that can perform networked actions. Broad routing increases the chance the skill is invoked in contexts where its expansive capabilities are unnecessary or unsafe.

Missing User Warnings

Medium (95% confidence)
The skill explicitly instructs the agent to send direct proxied API requests but does not warn about transmitting user data externally or causing state changes on the target service. In an autonomous agent environment, this omission can lead to accidental disclosure of sensitive data or unintended writes to production systems.

VirusTotal

65/65 vendors flagged this skill as clean.