Twenty CRM

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CRM API helper, but it should be used carefully because it can read, create, edit, and delete Twenty CRM records with the configured token.

Install only if you intend your agent to operate on the configured Twenty CRM workspace. Use a least-privilege API token, keep the env file out of source control and logs, review all POST/PATCH/DELETE commands before running them, and avoid passing untrusted or complex search strings until query encoding is fixed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation advertises POST, PATCH, DELETE, and object-creation commands without clearly warning that they will modify or permanently remove data in a remote CRM. In an agent setting, that omission increases the risk of accidental destructive actions against production systems, especially because CRM data is business-critical and the examples are immediately runnable.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to store a bearer token in a local env file but does not warn that this credential grants authenticated access to the CRM and must be handled as a secret. If exposed through logs, screenshots, repo commits, or permissive file access, an attacker could read or modify CRM data via REST or GraphQL using the same token.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal