Back to skill

Security audit

Super Datto Autotask Integration

Security checks across malware telemetry and agentic risk

Overview

The skill is a plausible Datto Autotask integration, but it can modify live business records and trigger automations without clear safety boundaries or confirmation guidance.

Review this skill before installing in a production Autotask environment. Use it only with accounts and connections scoped to the intended tenant and permissions, require explicit user approval before creating or running write actions, and test action behavior on non-production or low-risk records first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is extremely broad and vague, encouraging use across many operational tasks without defining clear trigger boundaries or user-confirmation requirements. In a live PSA environment, this can cause the agent to invoke the skill for ambiguous requests and perform unintended ticket, project, or account changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation promotes updating records, triggering automations, and synchronizing data but does not warn that actions operate on live Datto Autotask data and may trigger downstream business workflows. Users or agents may treat the skill like a harmless read-only integration and unintentionally cause production changes, automation cascades, or data corruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.