Digital Manager Guru

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Digital Manager Guru integration, but it gives an agent broad authenticated power to create, change, or delete business records without clear safety gates.

Install only if you are comfortable connecting Digital Manager Guru through Membrane and letting an agent act with that account's permissions. Use a least-privileged account where possible, require explicit approval before creating, editing, or deleting records, and be especially careful with invoices, client data, and direct proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The activation condition is broad enough to trigger on many generic requests about data management, records, or workflow automation, which can cause the agent to invoke this skill outside the user's intended scope. Over-broad routing increases the chance of unnecessary external actions or data access in a network-enabled integration skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal