Cloudinary

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Cloudinary management skill, but users should be careful because it can modify or permanently delete Cloudinary assets.

Install only if you want an agent to operate on your Cloudinary account through Membrane. Before any delete, rename, update, archive, or raw proxy request, require the agent to show the exact asset public ID, folder path, and action parameters and get explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents destructive actions such as asset and folder deletion without any warning, confirmation requirement, or guidance to verify scope before execution. In an agent setting, this increases the chance of accidental irreversible deletion of media assets or folders, especially if the model infers that these actions are routine and safe to run autonomously.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal