Cargo Gtm

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Cargo prospecting workflow, but it needs Review because it can enrich personal data, send it to multiple third parties, mutate CRM/sequencer records, and set recurring monitoring with limited consent and confirmation guardrails.

Review before installing. Use this only in workspaces where your team is authorized to process prospect, account, and deal data with Cargo and the named providers. Require explicit approval before enrichment, reverse lookup, visitor identification, CRM or sequencer writes, Slack/webhook sends, scheduled monitoring, or LLM analysis of internal data; minimize fields, honor suppression and opt-out lists, and verify vendor/privacy requirements first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The recipe begins as a funding-watch workflow but then broadens into generic event monitoring, CRM enrichment, outbound sequencing, and Slack/webhook activation. That scope expansion increases the chance an agent will move from passive analysis into external actions or data mutation without a clear user confirmation boundary, which is risky in an automation skill.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Recommending a generic `http.call` webhook pattern in a funding-watch recipe creates an open-ended egress path that is not tightly scoped to the stated use case. In agent settings, generic HTTP actions are dangerous because they can transmit internal prospect data or event data to arbitrary endpoints with little built-in validation.

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description is intentionally broad enough to trigger on many ordinary sales, lead, account, or campaign-related requests, which increases the chance the skill activates in contexts where the user did not explicitly request prospecting or personal-data processing. Because this skill fronts contact discovery, enrichment, verification, CRM sync, and signal monitoring, overbroad activation can lead to unnecessary handling of sensitive business and personal data and unintended external-provider calls.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill extensively covers contact lookup, email/phone discovery, LinkedIn resolution, verification, signal monitoring, and downloading outputs, but it does not present a user-facing privacy or data-handling warning before those workflows. In this context, the missing disclosure is risky because the skill is explicitly designed to process personal and account data across multiple providers, making silent collection, enrichment, and export easier than users may expect.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide explicitly recommends visitor de-anonymization via `snitcher.searchSessions` followed by `cargo.matchProspect` without any privacy warning, consent requirements, or usage restrictions. In a lead-generation skill focused on sourcing prospects and contacts, this normalizes potentially privacy-invasive identification of website visitors and could enable collection or enrichment of personal data without adequate notice or lawful basis.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide instructs users to push enriched, scored, and personalized lead data into third-party sequencers and CRMs without any privacy, consent, data-minimization, or cross-border transfer warning. Because this skill is specifically designed for prospecting and outreach workflows, it increases the likelihood that users will transmit personal data such as names, emails, job titles, enrichment signals, and AI-generated profiling outputs to external services without appropriate legal or organizational review.

Missing User Warnings

Medium
Confidence: 89%
Finding
This playbook explicitly documents person-level enrichment and monitoring actions such as contact detail lookup, LinkedIn profile/post retrieval, and prospect event tracking, but provides no privacy, consent, minimization, or lawful-use guidance. In a lead-generation skill whose stated purpose includes sourcing, lookup, sequencing, and signal monitoring, that omission materially increases the risk of misuse for intrusive surveillance, non-compliant data processing, or harvesting of personal data beyond what is necessary.

Missing User Warnings

Medium
Confidence: 92%
Finding
The playbook explicitly instructs enrichment of person records using personal identifiers such as email, phone, LinkedIn URL, and name-plus-company combinations, but provides no guidance on lawful basis, consent, data minimization, retention, or handling restrictions. In a lead-generation and prospecting skill, this omission increases the risk of privacy-law violations, over-collection of personal data, and unsafe downstream use of sensitive contact information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The recipe explicitly instructs the agent to find contacts, discover emails, and verify those emails, but it provides no privacy, consent, lawful-basis, or acceptable-use guardrails before handling personal data. In a lead-generation skill, that omission can enable non-compliant collection and processing of personal contact information at scale, increasing risk of privacy-law violations, unwanted outreach, and misuse of verified personal data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The recipe describes recurring scans, writing signal rows, pushing updates to HubSpot, and posting Slack notifications without any warning that these steps modify records or send data to external services. In an agentic environment, omission of confirmation and disclosure controls can cause unintended persistence changes or outbound data sharing beyond the user's immediate intent.

Missing User Warnings

High
Confidence: 97%
Finding
The recipe directs the agent to export deal/company data into multiple external services, including enrichment providers and an LLM, without an explicit user-facing warning or consent checkpoint. Even if only company-level fields are shown in the example, real deal datasets can contain sensitive commercial data, and transmitting them to third parties can create confidentiality, privacy, contractual, and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The recipe instructs users to transmit personal contact identifiers such as work email, LinkedIn URL, and company domain to an external provider (`waterfall.detectJobChange`) but does not mention consent, lawful basis, data processing terms, minimization, or cross-border/privacy considerations. In a GTM workflow, this omission can cause unauthorized sharing of personal data with a third party, creating privacy, contractual, and regulatory exposure even if the action is operationally intended.

Missing User Warnings

Medium
Confidence: 88%
Finding
The recipe instructs the agent to send an email address to an external reverse-email lookup provider as a fallback, but it does not require any user notice, consent check, or policy gate before transmitting potentially personal or work-contact data. In a lead-enrichment skill, this is contextually plausible functionality, but the absence of privacy-sensitive handling guidance creates a real risk of unauthorized disclosure or non-compliant processing of personal data.

Missing User Warnings

Medium
Confidence: 93%
Finding
This recipe operationalizes bulk collection, enrichment, and verification of named individuals' work contact data for outbound prospecting, but provides no privacy, consent, lawful-basis, retention, or jurisdictional compliance guidance. In a sales-automation context, that omission increases the risk of non-compliant processing of personal data and abusive outreach at scale, especially when combining investor affiliation, LinkedIn activity, and verified email addresses.

Missing User Warnings

Medium
Confidence: 92%
Finding
This recipe sends prospect names, company domains, LinkedIn URLs, and email addresses to several third-party providers (e.g. FullEnrich, waterfall, peopleDataLabs) without any explicit step requiring user confirmation, lawful basis review, or disclosure that data will be shared externally. In a GTM/prospecting context this behavior is expected functionally, but it still creates real privacy, compliance, and trust risk because operators may unknowingly transmit personal data across multiple vendors.

VirusTotal

64/64 vendors flagged this skill as clean.