Cloudflare Workers

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Cloudflare Workers integration, but it gives an agent broad authenticated power to change or delete Cloudflare resources without clear confirmation guardrails.

Install only if you are comfortable granting delegated Cloudflare access through Membrane. Use least-privilege Cloudflare permissions, prefer discovered Membrane actions over raw proxy calls, and require explicit approval before any create, update, deploy, or delete request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is broad enough that an agent may invoke it for loosely related Cloudflare requests without clear scope checks or user-confirmation boundaries. Because this skill can enumerate, modify, or delete Workers resources through actions and proxy requests, over-broad routing increases the chance of unintended high-impact operations from ambiguous user prompts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explains how to run actions and send arbitrary proxy requests but does not warn that these operations may create, modify, or delete Cloudflare resources. In an agent setting, that omission can lead the model to treat powerful write-capable operations as routine, increasing the risk of accidental destructive changes to production Workers, KV, R2, queues, or bindings.

VirusTotal

65/65 vendors flagged this skill as clean.
