Venn - Secure Universal MCP (Google Workspace, Jira, GitHub, and more)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Venn enterprise-tool connector whose broad SaaS access is expected for its purpose, with explicit approval required before writes or deletes.

Install only if you trust Venn with the connected enterprise apps and data. Use a least-privilege Venn API key, avoid placing the key in shared sandbox images, and carefully review any proposed send, create, update, delete, or multi-step workflow before approving it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger scope is extremely broad, including 'any reference to connected enterprise tools,' which can cause the skill to activate on casual mentions rather than clear user intent. Because this skill can access and orchestrate enterprise SaaS systems across many providers, over-triggering increases the chance of unintended data access, excessive tool routing, or write-capable workflow suggestion in sensitive contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal