Civicrm

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate CiviCRM integration, but it gives an agent broad authenticated access to sensitive CRM data, including write, delete, and raw API request capability, without enough built-in safeguards.

Install only if you trust Membrane and intend to let an agent operate on CiviCRM data. Use the least-privileged CiviCRM account practical, prefer predefined Membrane actions over raw proxy requests, require explicit confirmation before any create/update/delete/payment/mailing/settings change, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documents create, update, and delete operations but does not warn the agent or user about the consequences of mutating CRM records. In an agent setting, this increases the chance of accidental record creation, modification, or deletion based on ambiguous prompts or over-eager automation, affecting sensitive nonprofit CRM data and operational integrity.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal