Digicert

Security checks across malware telemetry and agentic risk

Overview

This DigiCert skill is coherent and not malicious, but it enables high-impact certificate and account changes without built-in confirmation guidance.

Install only if you trust Membrane and need agent-assisted DigiCert administration. Use a least-privileged DigiCert account, review the exact Membrane CLI version you install, and require explicit confirmation with exact resource IDs before any delete, revoke, reissue, duplicate, add-domain, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documents destructive DigiCert operations such as deleting organizations or domains and revoking certificates, but it provides no guidance to require explicit user confirmation or to verify scope before execution. In a certificate-management context, accidental or overly broad destructive actions can disrupt PKI operations, invalidate services, or remove important account data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal