Cradlepoint

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Cradlepoint integration, but it needs review because it enables broad authenticated changes to business network infrastructure without clear confirmation safeguards.

Install only if you trust Membrane and intend to let the agent operate against Cradlepoint. Use a least-privileged Cradlepoint account, prefer listed Membrane actions, and require explicit confirmation before any request that creates, updates, deletes, or changes router or fleet configuration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents a generic authenticated proxy request capability with support for POST, PUT, PATCH, and DELETE, but does not explicitly warn that these operations may modify or destroy production network configuration. In a Cradlepoint context, direct API access can change routers, groups, and configurations, so omission of a destructive-action warning increases the chance an agent issues high-impact requests without adequate user confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal