Quickbooks

Security checks across malware telemetry and agentic risk

Overview

This QuickBooks skill is coherent, but it can make live accounting changes and raw authenticated API calls without enough built-in confirmation guidance.

Install only if you trust Membrane with QuickBooks access and plan to supervise use closely. Prefer read-only queries and curated actions, confirm the exact QuickBooks company before use, require explicit approval before any create, update, delete, payment, or raw proxy request, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill advertises data-modifying actions such as creating invoices, bills, payments, and accounts without warning that these operations can alter authoritative financial records. In an accounting context, silent or under-explained write capabilities increase the risk of accidental ledger changes, fraud-enabling actions, or user surprise when an agent executes a modification.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The proxy request section enables arbitrary API calls through an authenticated QuickBooks connection, which can expose or modify sensitive accounting data beyond curated actions. Without strong warnings, guardrails, or confirmation requirements, an agent could issue unintended high-impact requests directly against financial systems and bypass safer abstractions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal