Couchbase

Security checks across malware telemetry and agentic risk

Overview

This Couchbase skill is coherent and disclosed, but it gives an agent broad live-database authority without enough guardrails for write, delete, or raw API operations.

Install only if you are comfortable letting an agent operate through Membrane against a Couchbase environment. Use least-privilege Couchbase credentials, prefer read-only access where possible, and require explicit human confirmation before any write, delete, schema, index, bucket, collection, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The skill description says to use the skill whenever the user wants to interact with Couchbase data, which is overly broad and lacks guardrails around permitted operations. This can cause an agent to invoke the skill in ambiguous situations and perform unintended read, write, or administrative actions against a live database.

Vague Triggers

Low, 80% confidence
Finding
The instruction to use action names and parameters 'as needed' provides little constraint on what actions should be selected, leaving the agent to infer scope on its own. In a database integration, vague action-selection guidance can lead to use of unsafe, overly privileged, or destructive actions when safer alternatives exist.

VirusTotal

64/64 vendors flagged this skill as clean.
