Query Customer Service Record

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for querying customer service records, but it can expose sensitive business/customer data through broad triggers and an unrestricted API destination.

Install only for users who are authorized to access the 霍小钉 customer-service system. Configure it to a trusted HTTPS API host, avoid passing arbitrary base URLs, and treat returned records as confidential customer and staff activity data. This is not evidence of malware, but it should be reviewed before deployment because it handles sensitive records with limited built-in safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow sends customer names and query parameters to a remote service API, but the skill description does not warn users that their input will be transmitted off-agent. Because customer identity data may be sensitive business information, this lack of notice can lead to unconsented disclosure and privacy/compliance issues.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is designed to display detailed customer service records, participant names, contact methods, and summaries without any privacy warning or access-control guidance. Exposing this operational history can reveal sensitive customer relationship details and employee activity data to an unauthorized viewer or in an inappropriate context.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script sends customer names to a caller-controlled base URL with no validation, allowlist, or user disclosure. In this skill's context, customer service queries involve business-sensitive data, so an attacker who can influence base_url can exfiltrate customer identifiers to an untrusted endpoint or internal host.

Missing User Warnings

Medium
Confidence: 95%
Finding
Service record queries transmit customer names and date ranges to a remote endpoint without constraining the destination or notifying the user. Because this skill handles customer service history, the context increases sensitivity: the request metadata can reveal customer relationships and business activity even before considering response contents.

VirusTotal

67/67 vendors flagged this skill as clean.
