Ramp

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Ramp/Membrane integration, but it needs review because it can give an agent broad ongoing access to company finance data and direct write-capable API calls without clear guardrails.

Install only if your organization approves Membrane access to Ramp. Use the least-privilege Ramp account or OAuth scope available, review permissions during connection, prefer vetted Membrane actions over raw proxy calls, and require explicit confirmation before creating, approving, paying, updating, or deleting Ramp data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly documents a generic authenticated proxy mechanism that can issue arbitrary HTTP methods, including POST, PUT, PATCH, and DELETE, but does not warn that these calls may mutate or destroy financial data. In the context of Ramp, this increases the chance an agent could perform sensitive or irreversible operations without adequate confirmation or guardrails.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal