Ezeep Blue

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Ezeep Blue integration, but it gives an agent broad authenticated print and API access without clear safeguards for uploads, printing, or write/delete actions.

Install only if you trust Membrane and need agent-driven Ezeep Blue management. Use a least-privilege Ezeep account, review the global CLI install, and require explicit approval before uploading files, printing documents, or making POST/PUT/PATCH/DELETE proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly documents print submission and arbitrary proxy requests to the external API without requiring confirmation, warning about data disclosure, or constraining side-effecting operations. In practice, this could cause an agent to transmit sensitive documents or perform unintended writes against the user's Ezeep Blue environment based on ambiguous prompts.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal