Financialforce

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for FinancialForce access, but it gives an agent broad live ERP action and raw API authority without clear safeguards for write or delete operations.

Install only if you intend to let an agent work with FinancialForce through Membrane. Use a least-privilege or sandbox FinancialForce account where possible, prefer read-only action discovery first, and require explicit user confirmation before creating, updating, deleting, posting, paying, writing off, or otherwise changing business-critical records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation description is broad enough that the skill could be selected for many generic finance-related requests, not just explicit FinancialForce operations. That increases the chance of unintended activation of a network-capable skill that can query or modify enterprise ERP data, especially if downstream tooling performs actions without strong confirmation boundaries.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents action execution and raw proxy requests but does not warn that these capabilities may create, update, or delete FinancialForce records. In an ERP context, silent use of mutation-capable operations can affect invoices, payments, journals, or other business-critical records, causing financial integrity and operational risks if the agent acts on ambiguous prompts.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
