Twenty CRM

Security checks across malware telemetry and agentic risk

Overview

This is a documented Twenty CRM connector that uses a Maton API key to read and modify CRM data, with some scope details under-described but not hidden.

Install only if you trust Maton with access to your Twenty CRM. Keep MATON_API_KEY private, use the Maton-Connection header when multiple accounts exist, and approve writes or deletes only after confirming the exact record or connection ID and intended effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The manifest understates the skill's actual capabilities by omitting connection-management operations and workspace member access documented later in the file. This scope mismatch can mislead users or higher-level agents about what the skill can access, weakening informed consent and policy enforcement around sensitive CRM and identity data.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The security section claims access is limited to CRM objects, but the API reference exposes workspaceMembers, which may reveal user identity and organizational membership information. Inconsistent security statements reduce operator awareness and may cause unauthorized data exposure because the documented permissions are broader than represented.

VirusTotal

65/65 vendors flagged this skill as clean.