Red Hat
Security checks across malware telemetry and agentic risk
Overview
This looks like a real Red Hat/Membrane integration, but it gives an agent broad authenticated Red Hat API access, including write and delete methods, without clear confirmation or scope limits.
Review before installing. Use a least-privileged Red Hat account or tenant connection, make sure you trust Membrane and its npm CLI, and require explicit approval before any proxy request or action that could create, modify, delete, remediate, or execute anything in Red Hat infrastructure.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.