Attio Enhanced CRM

Security checks across malware telemetry and agentic risk

Overview

This Attio CRM skill appears purpose-built rather than malicious, but it can bulk-write live CRM data and has under-disclosed logging and dependency risks that users should review before installing.

Install only if you are comfortable giving the skill an Attio API key that can create or modify CRM records. Use a least-privilege, revocable Attio token, test on a small dataset or sandbox first, review logs for sensitive CRM data, and prefer pinned dependency versions before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes contact/company enrichment from external sources and bulk import/export, but it does not warn users that CRM records may be transmitted to third parties or processed at scale, creating privacy, consent, and data-governance risk. In a CRM integration context, the data likely includes personal and commercial information, so omission of disclosure and handling guidance makes unsafe deployment more likely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises batch create/update capabilities against a production CRM but does not warn users that these operations can modify large amounts of live customer data at once. In an agent setting, missing this warning increases the chance of accidental bulk writes, overwrites, or mass data corruption through normal use rather than an exploit by an attacker.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
aiohttp>=3.8.0
tenacity>=8.0.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
aiohttp>=3.8.0
tenacity>=8.0.0
Confidence
95% confidence
Finding
aiohttp>=3.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
aiohttp>=3.8.0
tenacity>=8.0.0
Confidence
93% confidence
Finding
tenacity>=8.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
aiohttp

VirusTotal

63/63 vendors flagged this skill as clean.
