Zoho CRM

Security checks across malware telemetry and agentic risk

Overview

This Zoho CRM skill is coherent, but it should be reviewed because it can change or delete CRM data and make authenticated raw API calls without clear confirmation guidance.

Install only if you trust Membrane and intend to grant Zoho CRM access. Use a least-privileged Zoho account, review exactly what data the connection can access, and require a clear preview plus explicit confirmation before deletes, bulk updates, lead conversion, cloning, upserts, or any non-GET proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents destructive operations such as delete, update, convert, clone, and upsert against CRM records without any guidance to obtain explicit user confirmation, verify targets, or warn about irreversible business impact. In an agent setting, this increases the chance of accidental or overly broad modification/deletion of customer data, especially when the model is acting on ambiguous requests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The proxy request section enables arbitrary authenticated API calls, including write and delete requests, but provides no warning, scoping guidance, or confirmation requirements. Because the proxy can bypass safer prebuilt actions and directly reach sensitive CRM endpoints, an agent could perform unintended bulk changes, deletions, or other high-impact operations with valid credentials.

VirusTotal

65/65 vendors flagged this skill as clean.
