Nutshell

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Nutshell CRM integration through Membrane, but users should review any CRM write actions before they run.

Install only if you trust Membrane and intend to connect it to Nutshell. Use the least-privileged Nutshell account practical, review Membrane's access to CRM data, and require the agent to show the target connection, action, and input JSON before creating or updating CRM records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises create and update actions on CRM records without any warning that these operations are state-changing and may modify or overwrite user data. In an agentic setting, that increases the risk that an assistant performs destructive or unintended writes without clear user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal