Cufinder

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CUFinder connector, but users should be careful because it can access or change lead and contact data through Membrane.

Install only if you intend to connect an agent to CUFinder through Membrane. Review any raw proxy request before it runs, especially bulk exports or POST/PUT/PATCH/DELETE operations, and avoid sending more lead or contact fields than the task needs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The skill explicitly instructs use of direct proxy requests to the CUFinder API, which can involve sensitive lead and contact data, but it provides no warning about privacy, data minimization, or confirming user intent before transmitting records. In a sales-intelligence context, this increases the risk of sending personal or business contact data over the network without sufficient user awareness or constraint.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal