Centralstationcrm

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed CentralStationCRM integration that can read and change CRM data through Membrane, with no evidence of hidden or malicious behavior.

Install only if you trust Membrane and want an assistant to access CentralStationCRM. Use a least-privilege CRM account where possible, review targets before create/update/delete actions, and require explicit confirmation before any deletion or mutating proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents a delete capability without any guidance to require explicit user confirmation, preview the target record, or warn about irreversible effects. In an agentic setting, this increases the risk of accidental or over-broad destructive actions against CRM data, especially if the model infers intent incorrectly or operates on ambiguous identifiers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal