Summit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Summit integration, but it gives an agent broad authenticated request power that can go beyond normal Summit actions.

Install only if you trust Membrane and are comfortable giving the agent authenticated access to Summit through a reusable local Membrane session. Prefer prebuilt actions, use least-privilege Summit/Membrane access, avoid full-URL proxy requests, and explicitly approve any POST, PUT, PATCH, or DELETE operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Allowing users of a Summit-specific skill to pass a full URL causes the integration to become a general-purpose outbound HTTP proxy rather than a constrained Summit connector. This can enable SSRF-like behavior, access to unintended external services, data exfiltration to attacker-controlled endpoints, or bypass of network-use restrictions under the guise of a trusted business integration.

VirusTotal

63/63 vendors flagged this skill as clean.
