Qinglong Crm Extractor
Security checks across malware telemetry and agentic risk
Overview
The included code appears harmless, but the package identity is inconsistent: it is listed as a CRM extractor while the files describe a simulated space-login toy.
Do not install this expecting CRM extraction or business-data automation. The code itself looks like a harmless local demo, but the publisher should align the package name, slug, summary, install command, and implemented purpose before users rely on it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
