Freeagent

Security checks across malware telemetry and agentic risk

Overview

This FreeAgent accounting skill is transparent about using Membrane, but it enables broad financial record changes without clear confirmation safeguards.

Install only if you intend to connect a real FreeAgent account through Membrane. Use read-only actions first, confirm exact record IDs and intended changes before any create, update, delete, or proxy request, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents destructive and state-changing capabilities, including create, update, delete, and raw proxy requests, without requiring confirmation or warning before modifying accounting data. In a financial/accounting context, accidental or overbroad execution could alter invoices, contacts, bills, or other records, causing integrity and operational impact.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal