Creatio

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Creatio integration, but it gives an agent broad authenticated CRM/API authority without enough scoping or confirmation guidance.

Install only if you trust Membrane and intend to let an agent access Creatio. Use a least-privilege Creatio account, manually confirm any create/update/delete/export/admin/proxy request, and know how to revoke the Membrane connection before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest says the skill is for managing Leads, Organizations, and Users, but the body documents a much broader CRM and platform administration surface, including many objects and operational verbs. This mismatch can cause the agent or user to invoke the skill in contexts they did not intend, expanding effective permissions and increasing the chance of overbroad or unsafe actions.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The proxy request section allows arbitrary requests to Creatio API endpoints through Membrane, effectively bypassing the narrower curated action set. That enables access to unintended read, write, delete, and administrative operations, making the skill substantially more powerful than its stated purpose and harder to constrain safely.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation text 'Use when the user wants to interact with Creatio data' is broad enough to trigger on many requests involving Creatio, even when the user did not ask for this skill's specific functions. Overbroad routing can cause the agent to select a high-privilege integration unnecessarily, exposing data or enabling actions outside user expectations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The proxy request instructions present direct API access as a fallback without warning that HTTP methods like POST, PUT, PATCH, and DELETE can change or destroy remote data. In an agent setting, omission of mutation-risk guidance increases the chance of accidental destructive actions against production CRM records or configuration.

VirusTotal

65/65 vendors flagged this skill as clean.
