Security audit

CRM Engine

Security checks across malware telemetry and agentic risk

Overview

CRM Engine is a coherent CRM API skill, but it deserves Review because it encourages autonomous paid changes to sensitive customer and sales records without enough user-control or data-handling guidance.

Install only if you are comfortable sending CRM/customer data to this external paid gateway. Use scoped credentials or test data first, require human approval for writes and paid calls, set budget/rate limits, and verify the provider's privacy, retention, deletion, tenant isolation, and audit-log policies before using it with real customer records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly handles CRM accounts, leads, contacts, deals, and work orders, which commonly include sensitive business and personal data such as names, emails, phone numbers, addresses, and sales notes. It provides no warning that this information is being transmitted to an external paid service or that users/agents should avoid sending regulated, confidential, or unnecessary personal data, creating a meaningful privacy and data-governance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The use cases encourage autonomous agents to create and update CRM records, progress deals, and create work orders without any warning that these actions modify persistent business records and may trigger downstream operational or sales consequences. In an agentic context, silent record mutation is especially risky because incorrect or hallucinated inputs can create bad data, alter pipeline status, or initiate service workflows without human review.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.