ClawHub

Customer Success Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local customer analytics skill that handles potentially confidential customer data but does not request network access, credentials, persistence, or privileged control.

Install only if you are comfortable using a local Python-based customer success analysis skill. Run it only on customer data you are authorized to analyze, minimize or anonymize identifiers where practical, and store generated reports according to your organization's confidentiality and retention rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes broad trigger phrases like 'when the user mentions churn' and 'customer analytics', which can cause overbroad invocation during ordinary business conversations. In an agent environment, this increases the chance that sensitive customer, revenue, retention, or account data is routed into the skill without deliberate user intent or appropriate minimization.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The input requirements show the skill processes detailed customer account, contract, sentiment, support, and revenue-related fields, but the documentation omits any warning that this data may be sensitive or confidential. Without handling guidance, users may supply identifiable commercial data without understanding exposure, retention, or sharing risks, increasing the likelihood of inappropriate data use in downstream agent workflows.

Missing User Warnings

Low
Confidence
90% confidence
Finding
This template is designed to collect and present sensitive business and relationship data, including customer names, executive contacts, renewal status, stakeholder sentiment, support history, competitive landscape, and revenue figures, but it provides no privacy handling guidance, minimization rules, or restrictions on sharing/storage. In a customer success skill, this increases the risk that users will paste real customer confidential information into broadly accessible files, prompts, logs, or downstream systems without appropriate controls.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal