Arcgis Online

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate ArcGIS Online integration, but it gives an agent broad authenticated power to delete, share, unshare, update, and directly call ArcGIS APIs without clear confirmation safeguards.

Install only if you are comfortable granting Membrane-backed access to your ArcGIS Online account. Use a least-privileged ArcGIS account, consider pinning or reviewing the Membrane CLI before global installation, and require explicit confirmation before any delete, update, share, unshare, or non-GET proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises destructive and permission-changing actions like deleting groups/items and sharing/unsharing content without any caution about confirmation, authorization boundaries, or user-impact review. In an agentic setting, this increases the chance that an LLM could invoke irreversible or sensitive operations without adequate user awareness, causing data loss or unintended exposure changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal