Security audit

MarketUP管理

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real MarketUP CRM helper, but it can change CRM records and stores the API key persistently with limited safeguards.

Install only if you intend to let this skill access and modify MarketUP CRM data. Use a least-privilege, revocable API key, understand that setup stores it in ~/.openclaw/.env, remove or rotate the key when finished, and ask the agent to show target records and payloads before important write actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill mandates writing MARKETUP_API_KEY to a global env file and even requires the agent to execute that setup flow automatically when the variable is missing. Persisting credentials to a shared global configuration path without an explicit warning or consent step can expose secrets to other skills, users, backups, or processes on the host and creates lasting compromise if the endpoint or machine is later accessed by an attacker.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This documentation instructs users how to perform a state-changing CRM operation that converts a lead into an account and includes example payloads containing personal data, but it provides no warning about authorization, production-data changes, or safe handling of exported request bodies. In an agent skill context, this increases the chance of unintended record modification, privacy mishandling, or use against real tenant data by operators who may treat the example as safe to run verbatim.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This section documents a destructive lead action ('discard' / return to pool) without warning about reversibility, approval requirements, or operational consequences. In a CRM workflow skill, that omission increases the chance an agent or operator will invoke the endpoint and unintentionally alter lead ownership/state, causing data integrity and business process disruption.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The examples include creation and modification of leads containing personal data such as names and phone numbers, but provide no privacy, consent, or data-handling guidance. In an agent skill, this can normalize transmitting real PII to a remote CRM endpoint without validating authorization, minimization, or environment safety.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The instructions require the agent to run a script that persists the user's API key into ~/.openclaw/.env, but they do not require any explicit notice, consent, or warning that the secret will be stored on disk. This creates a real secret-handling risk because users may believe they are providing a transient credential for the current task, while the skill silently establishes longer-lived local persistence that could be exposed to other local processes, backups, or future sessions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.