Security audit

Pipedrive

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a CRM integration, but it exposes persistent webhooks, file transfer, and delete actions that are broader and riskier than the stated workflow description.

Review this skill carefully before installing. Only use it with CRM permissions you are comfortable delegating, and require explicit confirmation before creating webhooks, moving files, or deleting records. Check existing webhooks regularly and prefer least-privilege CRM credentials where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The schema exposes webhook creation, listing, and deletion capabilities that are not clearly disclosed in the manifest description. This is dangerous because webhooks can continuously export CRM change events to external endpoints, creating a hidden data egress path and expanding the skill's operational scope beyond what a user or calling agent may expect.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The schema includes download, upload, and remote file-linking capabilities that materially extend the skill beyond the stated CRM workflow scope. These actions can move files into or out of connected systems and attach third-party content, which increases the risk of unintended data transfer, sensitive document exposure, or abuse of external integrations.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The manifest emphasizes create and update workflows, but the schema also exposes multiple delete operations for leads, notes, files, records, and webhooks. This mismatch can cause users or higher-level agents to underestimate the destructive power of the skill, increasing the chance of accidental or unauthorized deletion.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill exposes destructive actions, such as delete operations, and actions that transmit data externally, such as webhook creation and file movement, but it does not consistently require explicit user confirmation or present strong user-facing warnings before those actions. In an autonomous agent setting, this can lead to accidental data deletion, unintended outbound data flows, or persistent exfiltration paths via webhooks.

Missing User Warnings

Medium
Confidence: 93%
Finding
Delete actions are documented as routine operations without warning text, confirmation guidance, or safeguards. In a CRM context, deleting deals, contacts, notes, files, or webhooks can cause irreversible business-data loss or monitoring gaps, especially when invoked by an autonomous agent acting on ambiguous instructions.

Missing User Warnings

Medium
Confidence: 95%
Finding
Webhook creation sends CRM change events to a user-supplied external HTTPS endpoint, but the schema provides no explicit disclosure warning about external data sharing. In this skill's context, webhook payloads can include sensitive sales, contact, and organizational metadata, making silent or poorly understood outbound subscriptions a significant exfiltration risk.

VirusTotal

63/63 vendors flagged this skill as clean.