noCRM.io

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed noCRM.io connector skill for managing leads, including expected CRM write and delete actions with global confirmation guidance.

Install only if you intend to let an agent operate your noCRM.io account through OOMOL. Before any create, update, cancellation, assignment, tagging, duplication, or delete action, verify the exact lead, payload, and intended effect; deletes should require explicit approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The action documentation instructs users to cancel a lead in a remote CRM system but does not clearly warn that this is a state-changing, potentially destructive operation. In an agent/tooling context, missing mutation warnings increases the chance of unintended execution, leading to workflow disruption, lost sales opportunities, or erroneous business records.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal