Moneybird

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Moneybird accounting integration, but it gives an agent broad ability to read and change financial records without enough built-in approval guidance.

Install only if you are comfortable connecting Moneybird through Membrane and letting an agent access sensitive accounting data. Use a least-privileged Moneybird account where possible, verify the administration and record IDs, and require explicit confirmation before creating, updating, sending, deleting, or making non-GET proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises destructive actions such as deleting invoices, contacts, and products without requiring explicit confirmation or warning about irreversible changes. In an accounting context, accidental deletion can cause data loss, audit issues, and business disruption, especially if an agent executes actions based on ambiguous user requests.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The proxy request section enables arbitrary authenticated API calls, including POST, PUT, PATCH, and DELETE, with no guardrails around mutating operations. This materially increases the chance that an agent could perform unintended or overbroad changes to financial records, bypassing the safer semantics and validation of predefined actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal