FreshBooks CLI
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed FreshBooks CLI skill for managing clients and invoices, with expected billing access and clear confirmation guidance for changes.
Before installing, verify the third-party npm package and publisher, then only provide FreshBooks OAuth credentials for an account you intend the CLI to manage. Because the tool can modify billing records, keep confirmation enabled for invoice or client changes and use the logout command when you want to remove stored tokens.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.