Ortto

Security checks across malware telemetry and agentic risk

Overview

This Ortto integration is coherent, but it gives an agent broad authenticated power over customer records and messaging without clear confirmation safeguards.

Install only if you are comfortable granting delegated access to Ortto customer and messaging data through Membrane. Use a least-privilege account when possible, verify the CLI package source, and require explicit approval with a record preview before deletes, archives, audience changes, or email/SMS sends.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documents destructive operations such as deleting and archiving people without requiring confirmation, warning about irreversibility, or distinguishing read-only from write/destructive actions. In an agent setting, this increases the chance that a model executes harmful state-changing actions on remote CRM data based on ambiguous or incomplete user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The proxy request section enables arbitrary authenticated API calls, including unsupported endpoints and state-changing methods, but provides no warning about the risk of modifying or deleting remote data. In practice, this bypasses the safety of curated actions and can let an agent perform powerful operations with minimal guardrails once a connection exists.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal