Meddic B2b Sales Review

Security checks across malware telemetry and agentic risk

Overview

This is a coherent sales-review skill, but it asks the agent to store customer visit data and create scheduled reminders without clear user consent or scope controls.

Install only if you are comfortable with the agent using a customer-memory workflow. Before using visit debriefs, require the agent to show what it will read or append, confirm before writing customer notes, and only enable Cron reminders after an explicit opt-in with clear frequency and scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list uses common conversational words like “考虑” (“consider”), “预算” (“budget”), and “老板” (“boss”) to automatically recall sales frameworks. Because these terms appear in many unrelated contexts, the skill can activate retrieval too broadly and inject irrelevant sales guidance into conversations that were not actually about opportunity-stage diagnosis. In a recall system, this is a genuine prompt-quality/security issue because it increases unintended behavior and context contamination.

Vague Triggers

Medium
Confidence: 88%
Finding
These mappings connect generic phrases directly to specific stages like Champion/Economic Buyer without enough contextual validation. That creates a risk of misclassification, causing the agent to overfit the conversation to a sales methodology stage and produce misleading guidance. The danger is amplified because the file explicitly encourages automatic association rather than cautious inference.

Vague Triggers

Medium
Confidence: 92%
Finding
The file assigns highest-priority recall to broad phrases such as opportunity judgment and whether to continue investing, which can appear in many advisory or strategic discussions. Because the instruction is to trigger recall automatically at high priority, the system may override more relevant context and pull in this methodology inappropriately. This is a true vulnerability in retrieval behavior because it can systematically bias responses and reduce reliability.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions include very broad natural-language phrases such as '今天见了XX客户' ("met with customer XX today") and '帮我做个拜访复盘' ("help me do a visit debrief"), which can match ordinary conversation without a clear confirmation step. This can cause unintended activation of the skill, leading to processing of sensitive customer meeting notes or initiating downstream memory actions when the user did not explicitly intend to run the workflow.

Vague Triggers

Medium
Confidence: 92%
Finding
The cron-based proactive trigger is underspecified: it states the skill may actively ask on a daily schedule, but does not define user opt-in, scope, suppression rules, or guardrails around when outreach is appropriate. An always-on or ambiguous scheduled trigger can cause privacy-invasive prompts, accidental collection of business-sensitive information, and repeated activation without meaningful user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs automatic reading from and appending to customer memory files, plus creating cron reminders, but does not say the user will be notified or asked for consent at the time of those operations. Because the content involves customer visit notes and sales intelligence, silent persistence and retrieval increase the risk of unauthorized handling of sensitive commercial and personal data.

VirusTotal

VirusTotal findings are pending for this skill version.
