Back to skill

Security audit

Zoho CRM

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Zoho CRM integration that can read and change CRM data through Maton, with the sensitive access disclosed and aligned to its purpose.

Install only if you trust Maton to proxy Zoho CRM requests and manage OAuth for the intended account. Protect MATON_API_KEY, select the correct Maton connection when multiple accounts exist, and require fresh confirmation before any create, update, delete, bulk, user, or account-management action runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill exposes destructive delete capability in examples without placing a clear warning or confirmation requirement immediately adjacent to the delete operation. In an agent setting, this increases the chance of unsafe automation or accidental destructive actions against CRM data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.