Blazemeter

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Blazemeter integration, but it needs review because it can change tests and account resources through authenticated access without clear confirmation guardrails.

Install only if you are comfortable granting Membrane delegated access to your Blazemeter account. Use a least-privilege account, verify the target account, workspace, project, and test before actions run, require explicit approval for start, stop, terminate, create, or proxy write requests, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill documents both state-changing operations and a generic authenticated proxy capability without requiring confirmation, read-only preference, or warning about destructive effects. In an agent setting, this increases the chance that ambiguous user requests or model mistakes could trigger real modifications to tests, projects, workspaces, or API endpoints in the user's Blazemeter environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal