Cloudflare Api Shield

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Cloudflare API Shield integration, but it gives broad authenticated Cloudflare API access without enough guardrails for write or delete actions.

Review before installing. Use this only if you are comfortable granting Membrane delegated access to your Cloudflare API Shield environment. Prefer least-privilege Cloudflare permissions, use read-only discovery first, require explicit confirmation before any POST, PUT, PATCH, or DELETE request, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents how to run arbitrary actions and direct proxy requests, including state-changing HTTP methods, without requiring user confirmation, scoping guidance, or safety checks for destructive operations. In an agent setting, this can enable unintended modification or deletion of Cloudflare configuration if the model acts on ambiguous prompts or chooses raw requests over safer constrained actions.

VirusTotal

65/65 vendors flagged this skill as clean.
