Chaindesk

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Chaindesk integration, but it gives an agent broad authenticated control over support data and AI-agent configuration without clear safety checks.

Install only if you trust Membrane and need an agent to manage Chaindesk. Use a least-privileged or test Chaindesk/Membrane account, manually approve delete/update/proxy requests, treat conversation/datastore text and connector instructions as untrusted context, consider pinning the CLI version, and revoke the connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises destructive operations such as deleting datasources, datastores, and agents without requiring confirmation or warning about irreversible effects. In an agent setting, this increases the chance that a user request is translated into a destructive API call without adequate friction, potentially causing data loss or service disruption.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal