Capsule Crm

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Capsule CRM integration that uses Membrane to access and manage CRM records, including high-impact create, update, and delete actions.

Install only if you trust Membrane and its npm CLI. Connect the intended Capsule CRM account, use the correct connection ID, and require an explicit user confirmation before running create, update, or delete actions, especially deletes of projects or tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises destructive delete actions without any guidance to require explicit user confirmation, preview the target resource, or warn about irreversibility. In a CRM context, accidental or overly eager agent execution could delete business records such as projects or tasks, causing data loss and operational disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal