Klenty

Security checks across malware telemetry and agentic risk

Overview

This Klenty integration is not overtly malicious, but it needs Review because it enables broad authenticated Klenty API requests that could change sales data or outreach without clear built-in guardrails.

Install only if you trust the publisher and intend to let the agent operate against your Klenty account. Use the least-privileged account or API key available, prefer pre-built Membrane actions, and require explicit approval before creating, updating, deleting, enrolling prospects in cadences, or sending outreach.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly documents a generic authenticated proxy request capability to the Klenty API without guardrails, scope restrictions, or a warning that this enables arbitrary operations against the user's account. In an agent setting, this can let the model perform unintended reads, writes, or destructive actions if prompted ambiguously or adversarially.

VirusTotal

64/64 vendors flagged this skill as clean.
