Celonis Ems

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Celonis EMS integration, but it gives an agent broad authenticated API authority that could change or delete business data without clear guardrails.

Install only if you are comfortable letting the agent use your Membrane connection to make authenticated Celonis EMS API calls. Use a least-privilege Celonis account, prefer listed Membrane actions, and require explicit review before any write or delete request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill advertises a relatively narrow Celonis EMS integration use case, but the documented proxy feature enables arbitrary requests to any Celonis EMS endpoint, including mutating operations such as POST, PATCH, and DELETE. This expands the effective authority of the skill beyond the declared scope, increasing the risk of unintended destructive actions, data modification, or access to unsupported resources if an agent follows the documentation too broadly.

VirusTotal

65/65 vendors flagged this skill as clean.
