Vectara
Security checks across malware telemetry and agentic risk
Overview
This Vectara skill is not malicious, but it deserves review because it gives an agent broad authenticated access to Vectara through Membrane, including raw API requests that could change or delete data.
Install only if you trust Membrane to broker access to your Vectara account and data. Prefer discovered Membrane actions over raw proxy requests, and require explicit approval before any POST, PUT, PATCH, or DELETE request or any request touching production corpora, documents, or account settings.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.