Astronomer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Astronomer integration, but it gives an agent broad authenticated API access that can change or delete account resources without clear confirmation guidance.

Install only if you trust Membrane and intend to let the agent operate your Astronomer account. Prefer predefined Membrane actions, use the least-privileged Astronomer access available, and require explicit approval before any request that creates, changes, or deletes deployments, workspaces, users, tokens, or other account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly documents raw proxy requests with state-changing HTTP methods like POST, PUT, PATCH, and DELETE, but does not require confirmation or warn that these operations can modify or destroy remote data. In an agent context, this increases the risk of unintended destructive actions or prompt-driven misuse against the connected Astronomer environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal