Shuttle

Security checks across malware telemetry and agentic risk

Overview

This Shuttle skill is not clearly scoped and gives an agent broad authenticated API access through Membrane, so users should review it before installing.

Install only after confirming which Shuttle service and account you intend to connect. Prefer discovered Membrane actions over raw proxy requests, require explicit confirmation before any non-GET or body-bearing request, and consider pinning or reviewing the Membrane CLI version instead of installing @latest globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill is presented as a Shuttle-specific integration, but the documented workflow allows creating or discovering connections for arbitrary domains and then invoking generic actions against them. That scope mismatch can cause the agent to operate on unintended third-party services, expanding authority beyond what the user likely expects from a Shuttle skill.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The proxy feature permits arbitrary authenticated HTTP requests, including state-changing methods like POST, PUT, PATCH, and DELETE, which greatly exceeds the narrow description of interacting with Shuttle data. In an agent context, this creates a powerful generic request primitive that could be misused to modify or delete remote resources with Membrane-managed credentials.

VirusTotal

63/63 vendors flagged this skill as clean.
