Salesforce Skill

Security checks across malware telemetry and agentic risk

Overview

This Salesforce skill is coherent and not malicious, but it gives an agent broad authenticated control over CRM data and org configuration with incomplete safeguards around some high-impact actions.

Install only if you are comfortable letting an agent operate through your Salesforce CLI. Prefer a sandbox or least-privilege Salesforce account, verify the target org before every action, require explicit approval for writes, deletes, bulk jobs, Apex, deployments, and raw API calls, and do not paste or summarize tokens, SFDX auth URLs, JWT keys, or verbose auth output into chat or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill instructs users to authenticate immediately and includes multiple login flows, but it does not warn that Salesforce auth artifacts can include access tokens, refresh tokens, JWT keys, or SFDX auth URLs that must not be exposed in logs or chat output. In an agent context, this increases the chance that a user follows the guidance and inadvertently reveals credentials to the model, terminal history, or stored files.

Missing User Warnings

Medium
Confidence: 90%
Finding
The bulk import and upsert examples show large-scale write operations without a local warning or confirmation requirement, even though these commands can modify thousands of CRM records quickly. In an agent skill, examples are often copied directly, so separating the examples from the guardrails makes accidental mass data corruption more likely.

Missing User Warnings

Medium
Confidence: 91%
Finding
The REST API section includes authenticated POST and PATCH examples that can create or modify records, but it does not place an adjacent confirmation warning before those mutating calls. Because raw API requests bypass some of the safer, more constrained workflows, this materially raises the risk of unauthorized or unintended state changes in a production org.

Missing User Warnings

Medium
Confidence: 88%
Finding
The metadata deployment examples can alter org configuration, code, and behavior, yet the section lacks nearby warnings about deployment risk, environment targeting, or rollback planning. In Salesforce, deploying to the wrong org or deploying unreviewed metadata can cause outages, security regressions, or broken business workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
