Superoffice

Security checks across malware telemetry and agentic risk

Overview

This is a real SuperOffice CRM integration, but it gives an agent broad live CRM write authority without clear confirmation or safety limits.

Review this carefully before installing. Use a least-privilege SuperOffice account, only run it for explicit SuperOffice tasks, confirm every create/update/delete/import/export/payment/admin action before execution, and consider pinning or vetting the Membrane CLI version instead of installing @latest.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad enough to match many generic CRM-related requests, which can cause the agent to invoke this skill in situations where the user did not specifically intend to operate on SuperOffice data. Because the skill supports both read and write operations, over-broad routing increases the chance of unintended access or modification of business records.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation explains how to create and run actions, including write operations like creating contacts, projects, and tickets, but does not warn that these steps may modify live production data. In an agent setting, missing guardrails around side effects can lead to accidental record creation, updates, or other destructive operations without explicit user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal