Blackfire
Security checks across malware telemetry and agentic risk
Overview
This looks like a legitimate Blackfire integration, but it should be reviewed because it gives an agent broad authenticated Blackfire API access through Membrane, including possible changes or deletions.
Install only if you are comfortable allowing an agent to access Blackfire through Membrane. Prefer discovered Membrane actions over raw proxy requests, use the least-privileged Blackfire account available, and require explicit confirmation before creating, changing, or deleting Blackfire data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.