Workast
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Workast integration, but it gives the agent broad authenticated access that could change or delete workspace data without clear built-in approval guardrails.
Install only if you are comfortable granting Membrane-mediated access to your Workast workspace. Require the agent to show the exact action or API request, affected records, and reversibility before any create, update, or delete operation; prefer predefined Membrane actions over raw proxy requests and revoke the connection when no longer needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.