Modelscope

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate ModelScope integration, but it gives an agent broad authenticated API access that can change or delete remote data without clear approval guardrails.

Install only if you are comfortable granting Membrane delegated access to your ModelScope account. Prefer listed Membrane actions and read-only requests, verify endpoint paths and payloads, and require explicit user approval before any create, update, delete, or raw proxy request carrying sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly documents a generic authenticated proxy request mechanism supporting arbitrary paths and destructive HTTP methods like POST, PUT, PATCH, and DELETE, but provides no guardrails around sensitive operations, confirmation requirements, or data exfiltration risks. In an agent setting, this increases the chance that the model could transmit sensitive data or perform state-changing actions against the connected service without adequate user awareness.

VirusTotal

VirusTotal findings are pending for this skill version.