folk CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a clearly scoped helper for using a folk.app CRM CLI, with disclosed credential use and safeguards around data-changing actions.
Before installing, confirm you trust the folkctl package source and understand that the configured API key can read and change CRM records, notes, reminders, interactions, and webhooks. Use dry-run previews for changes, require explicit confirmation for deletes, and avoid pasting API keys into chat.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.