Rex

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Rex/Membrane integration, but it gives an agent broad authenticated API control without enough guardrails for write or delete actions.

Install only if you are comfortable letting an agent operate through your connected Rex account. Prefer named Membrane actions, use a least-privileged account where possible, require confirmation before create, update, delete, billing, or workflow-triggering requests, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation description is overly broad and could cause the skill to activate for generic data-management requests outside the intended Rex domain. In an agent setting, overbroad routing increases the chance of sending user requests to the wrong integration, which can result in unintended data access or actions against an external service.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill documents a generic proxy mechanism supporting POST, PUT, PATCH, and DELETE without warning about destructive effects or recommending confirmation before writes. In a tool-using agent context, this makes it easier for an LLM to perform state-changing API calls based on ambiguous prompts, potentially modifying or deleting user data unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.