Amazon Elasticsearch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Amazon Elasticsearch integration, but it gives an agent broad authenticated API access that could change or delete data without clear confirmation safeguards.

Review before installing. Use a least-privilege Amazon Elasticsearch account or connection, prefer predefined Membrane actions over raw proxy requests, and require explicit approval for any POST, PUT, PATCH, DELETE, bulk indexing, snapshot, repository, or data-deletion operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents a generic proxy mechanism supporting destructive HTTP methods like POST, PUT, PATCH, and DELETE without requiring confirmation, read-only defaults, or warning about mutation risks. In a data-management context like Elasticsearch, this can lead an agent to issue index-changing or data-deleting requests that modify or destroy production data unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal