Ghost

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking Ghost integration, but it gives agents broad authenticated ability to change live Ghost content and member data without enough safety guidance.

Review before installing. Use it only with a Ghost/Membrane account whose permissions match the task, avoid production sites unless necessary, and require explicit confirmation before any create, update, publish, settings, member, user, or raw proxy request. Consider reviewing or pinning the Membrane CLI version before global installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding:
The skill advertises create and update actions against posts, pages, and members without explicitly warning that these operations modify live remote data. In an agentic setting, this increases the chance of unintended writes if the agent interprets a loosely phrased user request as authorization to change production Ghost content or member records.

Missing User Warnings

High
Confidence: 95%
Finding:
The proxy request section exposes a generic authenticated request primitive supporting POST, PUT, PATCH, and DELETE, but omits any warning that it can directly alter or delete data on the connected Ghost instance. Because the proxy bypasses safer higher-level actions, an agent could perform destructive API calls with valid credentials against production content, members, settings, or integrations.

VirusTotal

65/65 vendors flagged this skill as clean.
