Rectify

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Rectify integration for managing project tasks and documents, with powerful delete actions that users should handle carefully.

Install this only if you want agents to manage Rectify project data. Keep the project token private, use the least-privileged project token available, and require clear confirmation before deleting documents, archiving document trees, deleting tasks, or deleting columns because those actions can remove important project content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill exposes a permanent `delete_document` operation without requiring an explicit warning or confirmation step, even though it separately documents safer archival behavior. In an agent setting, this increases the chance of accidental irreversible data loss from ambiguous or mistaken user prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal