Datto Autotask

Security checks across malware telemetry and agentic risk

Overview

This Datto Autotask skill is a coherent integration, but it gives broad authenticated access to business records, including raw write and delete API requests, without clear safety guardrails.

Install only if you intend to connect Datto Autotask through Membrane and are comfortable granting access to real PSA data. Use a least-privilege Autotask account, review Membrane’s role as a third-party proxy, consider pinning or verifying the CLI version, and require explicit user confirmation before any create, update, automation, or delete operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents raw proxy requests with full HTTP verb support, including POST, PUT, PATCH, and DELETE, but does not require user confirmation or warn about the risk of modifying or deleting production PSA data. In an agent setting, this can enable unintended destructive actions against tickets, accounts, contracts, or other business records if the model chooses direct API access without sufficient safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal