ClawHub

GoHighLevel

Security checks across malware telemetry and agentic risk

Overview

This is a real GoHighLevel CRM helper, but it gives an assistant live authority to change CRM data, send messages, and delete business configuration without built-in confirmation safeguards.

Install only if you are comfortable giving an assistant live GoHighLevel authority. Use a sub-account Private Integration with the minimum scopes needed, avoid agency-wide tokens unless required, do not echo or share the token, and require human confirmation before sending messages, deleting records or tags, changing custom fields/values, enrolling workflows, creating invoices, recording payments, uploading external URLs, or publishing social posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no explicit permissions while clearly requiring environment-variable access for a bearer token and outbound network access to a CRM API. This under-disclosure is dangerous because users and hosting platforms cannot accurately assess the privilege boundary, and a high-value CRM token may be exposed to a skill they did not realize had credential and network capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The file mixes CRM-integration claims with promotional links, affiliate-style marketing, and personal contact/social information unrelated to the operational purpose of the skill. This is risky because it broadens trust assumptions, may steer users to external sites during setup, and obscures the true behavior and operational boundaries of the skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad activation phrases like "set up highlevel" or "connect my GHL" may overlap with ordinary user conversation and can trigger setup flows unexpectedly. In a skill that can access credentials and later perform CRM actions, accidental invocation increases the chance of unintended connection attempts, data access, or user confusion around consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description emphasizes convenience and safety but does not prominently warn that commands can create, update, delete CRM records and send outbound communications. This omission is dangerous because users may invoke actions without understanding that the skill can modify production business data or contact customers through external channels.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The troubleshooting guide includes a live POST example that creates a contact in the user's actual GoHighLevel account, but it does not warn that the command is state-changing or advise using a test/sandbox record. Users troubleshooting connectivity may run it verbatim against production, causing unintended CRM data creation and downstream workflow triggers.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The guide tells users to echo the private integration token directly in the terminal, which increases the risk of credential exposure through shell history, terminal logging, screen sharing, CI logs, or copied output. Even though the intent is troubleshooting, exposing a long-lived private token can enable full API access within granted scopes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The wizard automatically retrieves and prints contact records including names, email addresses, phone numbers, and tags to the terminal. Even though this is framed as a usability step, it exposes potentially sensitive personal data without an explicit privacy warning, consent checkpoint, or output minimization, which can leak data to shared terminals, logs, or screen recordings.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|    | | | `GET /locations/{id}/customFields` — List | |
|    | | | `POST /locations/{id}/customFields` — Create | |
|    | | | `PUT /locations/{id}/customFields/{fid}` — Update | |
|    | | | `DELETE /locations/{id}/customFields/{fid}` — Delete | |
|    | | | **Custom Values CRUD:** | |
|    | | | `GET /locations/{id}/customValues` — List | |
|    | | | `POST /locations/{id}/customValues` — Create | |
Confidence
89% confidence
Finding
DELETE /locations/{id}/customFields/{fid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|    | | | `GET /locations/{id}/customValues` — List | |
|    | | | `POST /locations/{id}/customValues` — Create | |
|    | | | `PUT /locations/{id}/customValues/{vid}` — Update | |
|    | | | `DELETE /locations/{id}/customValues/{vid}` — Delete | |
|    | | | **Tags CRUD:** | |
|    | | | `GET /locations/{id}/tags` — List | |
|    | | | `POST /locations/{id}/tags` — Create | |
Confidence
89% confidence
Finding
DELETE /locations/{id}/customValues/{vid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|    | | | `GET /locations/{id}/tags` — List | |
|    | | | `POST /locations/{id}/tags` — Create | |
|    | | | `PUT /locations/{id}/tags/{tid}` — Update | |
|    | | | `DELETE /locations/{id}/tags/{tid}` — Delete | |
| 11 | **Users** | `/users/` | CRUD, filter by email/role | `users` |
| 12 | **Forms** | `/forms/` | List forms, get submissions | `forms` |
| 13 | **Surveys** | `/surveys/` | List surveys, get submissions | `surveys` |
Confidence
87% confidence
Finding
DELETE /locations/{id}/tags/{tid}`

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal