Jaegertracing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane-based JaegerTracing integration with a broad fallback proxy, so users should control what API calls are made but the artifact does not show deception or malicious behavior.

Install only if you trust Membrane and are comfortable letting it broker access to your JaegerTracing environment. Prefer discovered Membrane actions, verify the connection targets the intended Jaeger instance, and require explicit approval before using the proxy for POST, PUT, PATCH, or DELETE requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents a generic proxy mechanism supporting arbitrary HTTP methods, headers, body data, and path parameters without guardrails or confirmation requirements for destructive operations. In an agent context, this can enable unintended or unsafe API calls against connected services, especially if the model uses the proxy when a safer prebuilt action is unavailable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal