Crezco

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Crezco integration, but it gives broad authenticated access to payment and accounting operations without clear user-confirmation guardrails.

Install only if you trust Membrane and intend to let an agent access a Crezco financial account. Use the least-privileged Crezco/Membrane connection available, inspect discovered actions and raw API requests before running them, and require explicit approval before any payment, reconciliation, create, update, or delete operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description is broad enough to match many generic 'manage data' or 'automate workflows' requests, which can cause the agent to invoke a payment-capable integration outside the user's clear intent. In a financial context, overbroad routing is risky because even read/write operations may expose sensitive records or enable downstream payment-related actions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill handles a B2B payments platform but does not prominently warn that it can affect payment requests, counterparties, accounts, and financial records. Without an explicit warning, users and higher-level agents may treat it like a generic data connector and initiate sensitive financial operations without appropriate caution or confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal