Circleci

Security checks across malware telemetry and agentic risk

Overview

This is a real CircleCI integration, but it gives agents broad authenticated CI/CD control without clear safeguards before changes or deletes.

Install only if you trust Membrane and intend to let the agent operate your CircleCI account. Use the least-privilege CircleCI connection available, limit it to the intended organization or project where possible, and require explicit approval before changing environment variables, triggering or canceling workflows, deleting contexts, or using raw proxy API requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 91% confidence

Finding: The skill documents destructive actions such as rerunning, canceling, and deleting CircleCI resources without any guidance to require explicit user confirmation before execution. In an agent setting, this increases the risk that a model could perform state-changing or disruptive operations based on ambiguous prompts or overbroad automation.

Missing User Warnings

Medium, 94% confidence

Finding: The proxy-request section enables arbitrary authenticated API calls, including destructive HTTP methods like POST, PATCH, and DELETE, but provides no warning that these requests can modify remote resources or transmit sensitive data over the network. This broad escape hatch bypasses the safety of curated actions and can let an agent perform unintended high-impact operations against CircleCI.

VirusTotal

63/63 vendors flagged this skill as clean.
