Paygreen

Security checks across malware telemetry and agentic risk

Overview

This PayGreen skill is coherent, but it gives an agent broad authenticated access to a payment platform without clear safety limits for write or delete actions.

Review before installing. Use a test or least-privilege PayGreen account where possible, confirm exactly which Membrane connection and PayGreen scopes are granted, prefer discovered read-only actions first, and require explicit user approval before any request that creates, updates, deletes, refunds, purchases, or changes merchant or transaction data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents direct proxy requests with mutating methods like POST, PUT, PATCH, and DELETE without requiring confirmation, dry-run guidance, or warnings about destructive effects. In a payment-processing context, this could lead an agent to modify or delete financial or merchant data through raw API calls, especially when action discovery does not cover the use case.

VirusTotal

65/65 vendors flagged this skill as clean.
