Invoice Ninja

Security checks across malware telemetry and agentic risk

Overview

This Invoice Ninja skill is a plausible integration, but it gives an agent broad authenticated control over sensitive billing data without clear guardrails.

Install only if you trust Membrane and intend to let an agent access real Invoice Ninja billing data. Use a least-privileged or test account where possible, require explicit approval before create/update/delete/payment-related actions, avoid raw proxy requests unless necessary, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The manifest describes the skill as managing organizations, but the body documents broad access to many Invoice Ninja resources plus arbitrary API access. This scope mismatch can mislead operators and downstream policy systems, causing the skill to be invoked with fewer restrictions than its real capabilities warrant.

Context-Inappropriate Capability

Medium (98% confidence)
Finding
The generic proxy request feature enables arbitrary authenticated requests to the Invoice Ninja API, bypassing the narrower set of curated actions and effectively granting full connector capability. In a skill advertised for a limited purpose, this creates a privilege-expansion path that could expose, modify, or delete billing data beyond user expectations.

VirusTotal

63/63 vendors flagged this skill as clean.
