Connectwise Psa

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate ConnectWise PSA integration, but it gives the assistant broad ability to change live business records through Membrane without explicit guardrails for write or delete operations.

Install only if you intend to let an assistant access and potentially modify your ConnectWise PSA environment through Membrane. Before using it, require the assistant to ask for explicit confirmation before any create, update, patch, delete, or raw proxy request, and consider using a least-privilege ConnectWise account or sandbox connection first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly documents a generic proxy mechanism that supports mutating HTTP methods like POST, PUT, PATCH, and DELETE against the Connectwise PSA API, but it does not instruct the agent to obtain explicit user confirmation before performing destructive or state-changing operations. In a business-management context, this can lead to unintended modification or deletion of tickets, companies, time entries, or other production records if an agent over-applies the proxy capability.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal