Nlp Cloud

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed NLP Cloud integration that uses Membrane for authenticated API access, with no hidden scripts or deceptive behavior found.

Install only if you trust Membrane and need NLP Cloud automation. Connect only the intended NLP Cloud account, prefer discovered Membrane actions over raw proxy requests, and require the agent to show the endpoint, method, and payload before any POST, PUT, PATCH, DELETE, or sensitive-data request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly documents raw proxy requests with support for destructive HTTP methods like PUT, PATCH, and DELETE, but provides no guardrails, confirmation requirements, or warnings about state-changing operations. In an agent context, this increases the chance that the model performs unintended writes or deletions against a live NLP Cloud connection based on ambiguous user input or overbroad task interpretation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal