Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- scripts/atlas-call.mjs:68
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent MongoDB Atlas API helper that can make real administrative changes only when the user provides Atlas credentials and approves risky calls.
Install only if you want an agent to browse and potentially operate your MongoDB Atlas Admin API. Use a least-privilege Atlas service account, keep ATLAS_API_BASE_URL unset unless you trust the endpoint, prefer read-only calls, require dry-run previews for changes, and approve --yes only after checking the exact method, endpoint, and JSON body.
66/66 vendors flagged this skill as clean.
Detected: suspicious.env_credential_access, suspicious.potential_exfiltration