Teamleader

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Teamleader integration, but it gives an agent broad ability to change or delete live business records without clear confirmation safeguards.

Install only if you trust Membrane and intend to let an agent operate on your Teamleader account. Use the least-privileged account available, prefer listed Membrane actions over raw proxy calls, and require explicit approval with exact record IDs before any create, update, or delete operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly documents direct proxy requests with mutating HTTP methods like POST, PUT, PATCH, and DELETE, but provides no guardrails about confirmation, least privilege, or destructive effects. In an agent setting, this can enable unintended record creation, modification, or deletion in a live Teamleader tenant if the model chooses raw requests over safer curated actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal