Watsonx Ai
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate-looking WatsonX AI integration, but it gives an agent broad live-account API authority without clear guardrails for changes or deletions.
Install only if you are comfortable granting Membrane-mediated access to a WatsonX account. Use the least-privileged WatsonX connection available, consider pinning or reviewing the Membrane CLI before global installation, and require explicit approval before any action or proxy request that creates, updates, deletes, or triggers workflows.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.