Chattermill
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent Chattermill integration, but it gives an agent broad authenticated ability to change or delete business data through Membrane without clear approval guardrails.
Install only if you trust Membrane and need Chattermill automation. Prefer discovered Membrane actions, use a least-privileged Chattermill account where possible, require explicit approval before any command that creates, updates, or deletes data, consider pinning the CLI version in managed environments, and know how to revoke the Membrane connection.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
61/61 vendors flagged this skill as clean.