Mattermost

Security checks across malware telemetry and agentic risk

Overview

This Mattermost skill is coherent, but it gives an agent broad authenticated access to Mattermost, including write and delete-capable raw API requests, without clear confirmation guardrails.

Install only if you are comfortable giving a Membrane-mediated agent access to your Mattermost workspace. Use the least-privileged Mattermost account or connection possible, prefer pre-built actions, and require explicit confirmation before any operation that posts, edits, creates, deletes, or changes workspace data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly enables direct proxy requests to the Mattermost API, including POST, PUT, PATCH, and DELETE, but does not warn that these calls can modify or delete live Mattermost data. In an agent setting, this increases the chance of unintended destructive actions because the documentation presents the mechanism as a normal fallback without emphasizing confirmation, least privilege, or safe-read defaults.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal