Chef

Security checks across malware telemetry and agentic risk

Overview

This Chef skill is not malicious, but it gives an agent broad authenticated access to Chef actions and raw API requests that can change infrastructure without enough guardrails.

Install only if you trust Membrane and intend to let an agent operate against Chef through it. Use a least-privilege Chef account, avoid production-wide credentials, and require explicit approval before any action or proxy request that creates, updates, deletes, or reconfigures infrastructure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill claims to be Chef-focused, but the documented `membrane connection ensure` flow can create connections for arbitrary domains and even auto-build connectors for unknown apps. That broadens the skill's operational scope beyond Chef and could let an agent pivot into unrelated third-party services, increasing the risk of unintended access, overbroad authorization, or misuse under a misleading skill label.

VirusTotal

64/64 vendors flagged this skill as clean.
