Codeq Natural Language Processing Api

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Codeq NLP API integration that uses Membrane for authentication and API calls, with no hidden code or malicious behavior found.

Install only if you trust Membrane and Codeq with the text you plan to process. Avoid sending secrets or sensitive records unless approved, connect only the intended account, and confirm endpoint, payload, and HTTP method before any mutating or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding:
The skill description is broad enough to match many generic 'manage data' or 'automate workflows' requests, which can cause over-triggering outside the user's intended scope. In an agent setting, ambiguous routing increases the chance of unnecessary external API access or actions being suggested for unrelated tasks.

Vague Triggers

Low
Confidence: 72%
Finding:
Telling the agent to 'use action names and parameters as needed' provides no constraints on when or how actions should be selected, leaving behavior underspecified. That ambiguity can lead to accidental misuse of actions, incorrect parameterization, or operations beyond the user's intended request.

VirusTotal

63/63 vendors flagged this skill as clean.
