Google Cloud Ai Platform

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Google Cloud AI Platform integration, but it gives agents broad authenticated cloud API access without clear limits for write or delete actions.

Install only if you trust Membrane and are comfortable granting it access to Google Cloud AI Platform. Use least-privilege Google Cloud IAM, prefer listed Membrane actions over raw proxy requests, and require explicit approval before any create, update, or delete operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents generic proxy requests with support for POST, PUT, PATCH, and DELETE, but provides no guardrails about confirmation, least privilege, or destructive effects. In an agent setting, this can enable unintended or overly broad state-changing operations against Google Cloud resources, especially when paired with natural-language tasking and authenticated connections.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal