Zoho Subscriptions
Security checks across malware telemetry and agentic risk
Overview
This Zoho Subscriptions skill is coherent and disclosed, but it gives an agent broad authenticated access to sensitive billing data, including write and delete-capable proxy requests, without clear approval guardrails.
Install only if you are comfortable connecting Zoho Subscriptions to Membrane and allowing an agent to operate on billing data. Use the least-privileged Zoho account available, prefer discovered prebuilt actions over raw proxy calls, and require explicit confirmation before creating, updating, canceling, refunding, or deleting billing records.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.