Datascope

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real DataScope/Membrane integration, but it deserves review because it enables broad DataScope changes and raw API calls without clear safety guardrails.

Install only if you trust Membrane and need broad DataScope administration. Use a least-privileged DataScope account, verify the connection ID before running commands, and require explicit confirmation before any create, update, bulk update, proxy, or DELETE request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The manifest and description frame the skill as managing organizations and interacting with DataScope data, but the body documents significantly broader capabilities, including administrative objects and arbitrary proxied API requests. This mismatch can cause over-broad invocation and user/operator misunderstanding about the scope of actions the skill may take, increasing the chance of unintended privileged operations.

Vague Triggers

Medium
Confidence: 91%
Finding:
The activation text, 'Use when the user wants to interact with DataScope data,' is broad enough to match many requests without distinguishing read-only, administrative, or destructive operations. In an agent setting, this can route loosely related prompts into a skill that has powerful capabilities, including metadata updates and direct proxy requests.

VirusTotal

VirusTotal findings are pending for this skill version.
