Salt Edge

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Salt Edge banking integration, but it needs review because it can expose bank data and payment-capable actions without clear confirmation safeguards.

Install only if you trust Membrane and need Salt Edge banking access. Before use, require manual confirmation for any payment, POST, PUT, PATCH, DELETE, or raw proxy request; connect only the accounts needed; review exact action IDs and inputs; and revoke the Membrane/Salt Edge connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 93% confidence
Finding: The skill explicitly enables access to bank account data and payment initiation, which are highly sensitive financial capabilities, but it does not include guardrails about consent, verification, or confirmation before sensitive actions. In a banking context, missing warnings and approval requirements can lead to unauthorized data exposure or unintended payment actions with significant privacy and financial consequences.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal