Capsule Crm

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Capsule CRM connector, but it can change or delete live CRM records without documented confirmation safeguards.

Install only if you intend to let an agent access your Capsule CRM through Membrane. Before any create, update, delete, or raw proxy request, verify the Capsule account, action, record IDs, and parameters, and confirm how to revoke the Membrane/Capsule connection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly documents delete-project and delete-task operations but provides no guidance to require user confirmation, preview the target resource, or warn about irreversibility. In an agent context, that omission increases the chance of accidental destructive actions against live CRM data, especially if the model interprets a broad user request too aggressively.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal