Liondesk

Security checks across malware telemetry and agentic risk

Overview

This Liondesk CRM skill is coherent, but it deserves review because it enables broad authenticated API actions that could change or delete CRM data.

Install only if you trust Membrane and are comfortable connecting Liondesk CRM data through it. Prefer listed Membrane actions over raw proxy calls, use the least-privileged Liondesk account available, and require the agent to show and confirm any POST, PUT, PATCH, or DELETE request before it runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly documents raw proxy access to arbitrary API paths and state-changing methods like POST, PUT, PATCH, and DELETE without requiring confirmation or warning about destructive effects. In an agent setting, this can enable unintended writes, deletions, or broad account changes if the model chooses the proxy path without clearly surfacing risk to the user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal