ClawHub

Lead Enrichment

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it advertises real lead enrichment while returning mock dossiers and batch mode can run commands from a crafted CSV file.

Install only after review or fixes. Do not run batch mode on untrusted CSV files, do not rely on the current enrichment output as factual, and require the publisher to replace the mock implementation, remove the bash -c CSV path, make credential checks explicit, and add clear privacy/export controls before using it with real leads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The setup script probes a fixed external secrets file in the user's home directory to discover API keys unrelated to this script's own local configuration. Even though it only checks for key names and does not print values, reading arbitrary credential stores creates unnecessary credential-access behavior and couples the skill to another tool's secret location, which increases privacy and trust risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages piping enriched lead data directly to an external CRM without a clear warning that personally identifiable or inferred contact data may be transmitted off-platform. In this context, the omission is risky because the skill assembles dossiers from multiple sources, including guessed emails and recent activity, which could be exported to third parties without user review or consent checks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal