Fireberry

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Fireberry CRM helper whose business-data write access is expected for its purpose, but users should treat create and update actions carefully.

Install only if you want the agent to work with Fireberry CRM records. Before any create or update operation, ask it to preview the exact records and fields it will change, and use the least-privileged Fireberry account or API access available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill exposes multiple state-changing CRM capabilities such as creating and updating contacts, accounts, opportunities, tasks, and notes, but does not clearly warn that using these actions can modify or overwrite user business data. In an agentic context, that omission increases the chance of unintended writes, especially if the agent interprets a vague request and executes a destructive or business-impacting action without explicit confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal