Datarobot

Security checks across malware telemetry and agentic risk

Overview

This is a plausible DataRobot integration, but it needs review because it enables broad authenticated access including deletes and raw API requests without clear guardrails.

Install only if you trust Membrane and intend to grant it delegated DataRobot access. Use a least-privileged DataRobot account, review the Membrane login and consent flow, and require explicit confirmation before creating deployments, deleting resources, or using raw API requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The manifest advertises a narrower scope ('Manage Projects, Users') than the body of the skill, which exposes many additional resources and even arbitrary API access. This scope mismatch can cause the agent or user to invoke the skill under false assumptions, increasing the chance of over-privileged operations and unintended data access.
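A reviewer can mechanise this kind of scope check. The block below is an added example, not part of the Datarobot skill, Membrane or the SkillSpector scanner: it extracts the API resources a skill body touches and reports which of them the manifest never declared, plus whether the body offers a raw, arbitrary-path request. The skill body is constructed for illustration; only the manifest phrase 'Manage Projects, Users' comes from the finding, and the endpoint paths are assumptions modelled on a `/api/v2/<resource>` layout.

```python
"""Static scope check for an agent skill: does the manifest's declared
scope cover the API resources the skill body actually touches?

Added example, not part of the Datarobot skill, Membrane or SkillSpector.
The skill body below is constructed; the real skill's wording and endpoint
list are not reproduced here.
"""
import re

# Quoted from the finding above; the rest of this block is constructed.
MANIFEST_SCOPE = "Manage Projects, Users"

# Constructed stand-in for a skill body: one action per line,
# "<METHOD> <path> <description>". Paths are assumptions.
SKILL_BODY = """\
GET    /api/v2/projects            list projects
POST   /api/v2/projects            create a project
GET    /api/v2/users               list users
GET    /api/v2/datasets            list datasets
DELETE /api/v2/datasets/{id}       delete a dataset
POST   /api/v2/deployments         create a deployment
DELETE /api/v2/deployments/{id}    delete a deployment
ANY    /api/v2/{path}              raw request: send an arbitrary call
"""


def declared_resources(scope: str) -> set[str]:
    """'Manage Projects, Users' -> {'projects', 'users'}."""
    nouns = re.sub(r"^\s*(manage|read|view)\s+", "", scope, flags=re.I)
    return {n.strip().lower() for n in nouns.split(",") if n.strip()}


def referenced_resources(body: str) -> dict[str, set[str]]:
    """Map each API resource named in the body to the HTTP methods used on it.
    A placeholder first segment such as {path} means the skill lets the
    caller choose the endpoint, so it is reported under the key 'raw'."""
    found: dict[str, set[str]] = {}
    for method, path in re.findall(r"^(\w+)\s+(/api/v2/\S+)", body, flags=re.M):
        first = path.split("/")[3]
        key = "raw" if first.startswith("{") else first.lower()
        found.setdefault(key, set()).add(method.upper())
    return found


def scope_mismatch(scope: str, body: str) -> dict:
    """Report resources the body uses but the manifest never declares,
    which of those are touched destructively, and whether raw access exists."""
    declared = declared_resources(scope)
    used = referenced_resources(body)
    undeclared = {r: sorted(m) for r, m in used.items()
                  if r not in declared and r != "raw"}
    return {
        "declared": sorted(declared),
        "undeclared": undeclared,
        "destructive_undeclared": sorted(r for r, m in undeclared.items()
                                         if "DELETE" in m),
        "raw_api_access": "raw" in used,
    }


if __name__ == "__main__":
    print(scope_mismatch(MANIFEST_SCOPE, SKILL_BODY))
```

On the constructed body this reports datasets and deployments as undeclared, both reachable by DELETE, and flags the raw request. A manifest that declares every resource still leaves the raw flag set, which is the point: arbitrary-path access cannot be described by a resource list at all.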

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The generic proxy request feature allows arbitrary direct calls to the DataRobot API, bypassing the safer, narrower action interface described elsewhere. In an agent context, this materially expands the reachable attack surface and can enable access to sensitive endpoints or destructive operations beyond the intended skill scope.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The activation text 'Use when the user wants to interact with Datarobot data' is broad enough to match many generic requests, which can cause the skill to be selected in situations the user did not specifically intend. Because the skill can enumerate, create, and delete remote resources, over-triggering increases the risk of unnecessary data exposure or unintended actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill documents destructive delete actions without any warning, confirmation, or approval workflow. In an autonomous or semi-autonomous agent setting, this creates a realistic risk of accidental deletion of projects, deployments, or datasets from ambiguous prompts or mistaken IDs.
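The Overview's recommendation, and the two findings on the raw proxy and on unconfirmed deletes, amount to one control: a gate in front of every tool call. The block below is an added example, not code from the Datarobot skill, Membrane or DataRobot. Allowlisted read-only actions pass, creates and deletes need an explicit confirmation from the user channel, and any request outside the allowlist is treated as a raw API request, refused unless the operator turned raw mode on and the user confirms. The endpoint paths are assumptions modelled on the DataRobot v2 API layout; substitute the real skill's action list.

```python
"""Confirmation gate in front of an agent's DataRobot tool calls.

Added example, not code from the Datarobot skill, Membrane or DataRobot.
Endpoint paths in the allowlist are assumptions, not the skill's own.
"""
import re
from dataclasses import dataclass, field
from typing import Callable

READ, CREATE, DESTRUCTIVE, RAW = "read", "create", "destructive", "raw"

# (method, anchored path pattern, tier). Anything not listed here is RAW by
# construction, so adding an endpoint is a deliberate, reviewable change.
_ALLOWLIST = [
    ("GET",    r"^/api/v2/projects/?$",                 READ),
    ("GET",    r"^/api/v2/projects/[A-Za-z0-9]+/?$",    READ),
    ("GET",    r"^/api/v2/users/?$",                    READ),
    ("POST",   r"^/api/v2/projects/?$",                 CREATE),
    ("POST",   r"^/api/v2/deployments/?$",              CREATE),
    ("DELETE", r"^/api/v2/projects/[A-Za-z0-9]+/?$",    DESTRUCTIVE),
    ("DELETE", r"^/api/v2/deployments/[A-Za-z0-9]+/?$", DESTRUCTIVE),
]
_COMPILED = [(m, re.compile(p), t) for m, p, t in _ALLOWLIST]


def classify(method: str, path: str) -> str:
    """Map a request to a tier. The query string is dropped before matching
    and every pattern is anchored, so `/projects?x=1` still counts as the
    listed read and `/projects/x/../../datasets` falls through to RAW."""
    bare = path.split("?", 1)[0]
    for m, pattern, tier in _COMPILED:
        if m == method.upper() and pattern.match(bare):
            return tier
    return RAW


@dataclass
class Decision:
    method: str
    path: str
    tier: str
    allowed: bool
    reason: str


@dataclass
class ToolGate:
    # `confirm` must be wired to the human's channel (a UI prompt, an approval
    # button in chat). Never let the model's own output answer the prompt, or
    # a prompt-injected instruction can approve its own delete.
    confirm: Callable[[str], bool]
    allow_raw: bool = False
    audit: list[Decision] = field(default_factory=list)

    def check(self, method: str, path: str) -> Decision:
        """Decide whether the call may proceed; every decision is logged."""
        tier = classify(method, path)
        if tier == READ:
            d = Decision(method, path, tier, True, "allowlisted read")
        elif tier == RAW and not self.allow_raw:
            d = Decision(method, path, tier, False, "raw API access disabled")
        else:
            ok = self.confirm(f"{tier.upper()}: {method.upper()} {path}. Proceed?")
            d = Decision(method, path, tier, ok,
                         "user confirmed" if ok else "not confirmed")
        self.audit.append(d)
        return d


if __name__ == "__main__":
    # Demo with a confirm callback that always declines (constructed input).
    gate = ToolGate(confirm=lambda prompt: False)
    for m, p in [("GET", "/api/v2/projects"),
                 ("DELETE", "/api/v2/projects/5f1c"),
                 ("GET", "/api/v2/datasets")]:
        d = gate.check(m, p)
        print(f"{m:6} {p:28} {d.tier:12} allowed={d.allowed} ({d.reason})")
```

Two design points matter more than the allowlist itself. First, the default for anything unrecognised is the most privileged tier, so a mistaken ID or a new endpoint cannot silently run. Second, the audit list records refused calls as well as approved ones; a burst of DESTRUCTIVE or RAW decisions from an ambiguous prompt is exactly the over-triggering the previous finding describes.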

VirusTotal

63/63 vendors flagged this skill as clean.

A clean VirusTotal result only means that no engine matched a malware signature against the skill's files. It says nothing about the agentic risks listed above, which are behavioural and arise from legitimate API calls made with the user's delegated DataRobot credentials.