ClawHub

GoHighLevel CRM Automation

Security checks across malware telemetry and agentic risk

Overview

This GoHighLevel skill is disclosed, but it can send customer messages and change CRM records with broad token access and no built-in per-action approval.

Install only if you are comfortable giving an agent broad GoHighLevel access. Use the least-privileged token possible, start in a test location, require human approval outside the skill for outbound messages and important CRM changes, and verify TCPA/consent handling before allowing SMS or workflow automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The docstring claims TCPA compliance is enforced, but the function sends outbound messages without checking consent status, quiet hours, opt-out state, or approved channels. That mismatch can cause operators to rely on a nonexistent safeguard and send unlawful or unauthorized messages to contacts.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The CLI performs state-changing operations such as contact updates, tag changes, note creation, and message sending immediately, with no confirmation prompt, dry-run mode, or explicit warning that remote customer data will be modified. In an agent skill context with broad CRM write access, this raises the chance of accidental or automated harmful actions affecting real customer records.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Workflow triggering, opportunity updates, and note creation can alter business process state, customer records, and automated downstream actions, yet they execute without confirmation or operator warning. In this skill's context of full CRM read/write access, accidental invocation could cause customer-facing automation, pipeline corruption, or misleading internal records.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal