Maestra

Security checks across malware telemetry and agentic risk

Overview

This Maestra skill is a disclosed integration, but it gives an agent broader authenticated Maestra API access than its short description makes clear.

Review before installing if your Maestra account contains sensitive media, transcripts, captions, files, workspace data, or organization records. Use it only with a Membrane/Maestra account whose permissions you are comfortable exposing to agent-driven API calls, and require explicit confirmation before write, update, or delete requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest says the skill is for managing Organizations and Users, but the body clearly enables much broader access to Maestra resources and even arbitrary proxied API requests. This mismatch can cause the agent or user to invoke the skill under a narrower trust assumption than its real capabilities, increasing the chance of overbroad access or unintended actions.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough to match almost any Maestra-related request, without clearly limiting what actions are in scope or what level of user confirmation is needed. In an agent setting, overly broad routing increases the risk of accidental activation and execution of sensitive operations beyond what the user intended.

VirusTotal

65/65 vendors flagged this skill as clean.
