Rosette Text Analytics

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says: it connects Rosette Text Analytics through Membrane, with some broad API features users should handle carefully.

Install only if you are comfortable signing in to Membrane and connecting Rosette through it. Prefer the named Rosette actions, review any direct proxy request before approving it, and avoid sending sensitive text unless your Rosette and Membrane account policies allow it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 88%

Finding:
The skill’s stated purpose is Rosette text analytics, but the documented connection flow can create generic Membrane apps/connectors when no known app is found. That broadens capability beyond the declared scope and can enable interaction with unintended services or expanded surfaces the user did not explicitly authorize.

Context-Inappropriate Capability

Medium
Confidence: 94%

Finding:
The proxy section allows arbitrary requests, including mutating methods like POST, PUT, PATCH, and DELETE, which exceeds a narrowly described text-analytics skill. In an agent setting, this creates a confused-deputy risk where the skill can be used to perform broader API actions than users expect, potentially modifying remote state or reaching endpoints outside the intended safe action set.

VirusTotal

63/63 vendors flagged this skill as clean.