Security audit

Web Star Studio's Flow CRM

Security checks across malware telemetry and agentic risk

Overview

This skill is a real FlowDeck API helper, but it can change or delete business data and pushes users to provide more sensitive client data than the API requires.

Review before installing. Use only with a FlowDeck workspace where the API key is appropriately scoped, and avoid giving the assistant CPF/CNPJ or finance contact details unless they are truly needed. Require explicit confirmation before create, update, or delete actions, especially for receivables, expenses, clients, projects, tasks, and comments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill invokes a networked API and consumes environment-provided secrets, but the skill manifest does not declare those capabilities. This weakens platform oversight and informed consent because users and tooling cannot clearly see that the skill will access env secrets and make outbound requests.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 83%
Finding: The documented purpose is limited to CRM resources, but the skill text indicates support for project-scoped and project-management operations such as projects, cycles, tasks, and comments. This scope expansion can mislead users and reviewers, enabling unintended access or modification of non-CRM data under a narrower stated trust boundary.

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill mandates collection of sensitive personal and financial data such as CPF/CNPJ and finance email before client creation, but provides no privacy notice, minimization guidance, or sensitivity warning. This increases the likelihood of unnecessary exposure of regulated or high-sensitivity data in chat, logs, or downstream systems.

Missing User Warnings

Medium
Confidence: 89%
Finding: The skill advertises delete operations without any warning that the action may be destructive and irreversible. In a CRM context, accidental deletion can cause business data loss, workflow disruption, and difficult recovery if the backend lacks soft-delete or audit rollback.

Ssd 3

Medium
Confidence: 95%
Finding: The workflow requires proactively asking for a broad set of personal and financial fields even though the API only requires a name. This violates data minimization principles and increases the amount of sensitive information exposed to the assistant, logs, and operators without operational necessity.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.