Terminus App

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Terminus database integration, but it gives an agent broad authenticated write and access-management power without clear confirmation safeguards.

Install only if you are comfortable letting an agent operate through a Membrane-authenticated Terminus connection. Use the least-privileged Terminus account available, and require the agent to show the connection, action or endpoint, HTTP method, and input before any write, delete, schema, user, team, or bulk operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly documents raw proxy access with mutating HTTP methods like POST, PUT, PATCH, and DELETE without requiring confirmation or warning about destructive effects. In an agent setting, this increases the chance that the model may perform state-changing or irreversible operations against external data stores based on ambiguous prompts or incomplete user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal