Crm Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for manually sending CRM analysis tasks to a disclosed third-party API, with paid execution disclosed and no local code or privileges.

Install only if you are comfortable sending the task text you provide to sputnikx.xyz. Do not submit customer records, secrets, regulated data, or confidential CRM details unless you have approval and trust the provider's data handling, and confirm any x402 USDC payment before paid execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The auto-route feature accepts open-ended natural-language tasks and delegates selection to an external system, which expands the action surface without clear constraints or approval gates. In an agent platform, this can cause unintended external execution, routing to the wrong capability, or triggering paid actions from vague prompts.

External Transmission

Medium

Category: Data Exfiltration
Content: ## List Available Skills (free) ```bash curl https://sputnikx.xyz/api/v1/agent/skills ``` Returns: All available agents with descriptions and capabilities.
Confidence: 93% confidence
Finding: curl https://sputnikx.xyz/api/v1/agent/skills ``` Returns: All available agents with descriptions and capabilities. ## Run Agent Skill ($0.50 x402 USDC) ```bash curl -X POST https://sputnikx.xyz/api/

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal