Aws S3

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AWS S3 skill that uses Membrane for disclosed S3 access, with sensitive but expected cloud-storage authority.

Install only if you trust Membrane and the npm CLI package. Use a least-privilege AWS connection, review generated action schemas and inputs before running them, and require explicit confirmation for deletes, public-access changes, or bulk bucket/object operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding: The skill description is broad enough that it could be invoked for many generic S3-related requests without clearly signaling whether operations are read-only or mutating. In a cloud-storage context, overly broad routing increases the chance an agent uses this skill for sensitive bucket or object operations without appropriate user confirmation or scoping.

Missing User Warnings

Medium
Confidence: 91%
Finding: The documentation does not warn that using this skill may create, modify, or delete AWS S3 resources. In the context of AWS infrastructure, missing mutation warnings can cause users or agents to underestimate the risk of actions that affect production data, backups, or public accessibility settings.

VirusTotal

62/62 vendors flagged this skill as clean.