ClawHub

DoctorClaw Lead Qualifier

Security checks across malware telemetry and agentic risk

Overview

This lead-qualification skill is mostly legitimate, but it can send lead data and update sales records with weak safeguards and a hard-coded alert recipient.

Install only after replacing the “Stephen” alert with your configured recipient. Use least-privilege CRM and email access, start in report-only mode, and require explicit approval before sending outreach, sending alerts containing lead details, or updating lead status, especially if enabling cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to send outreach emails and update lead status in external systems, but it does not include clear guardrails about handling personal data, obtaining user approval before modifying third-party systems, or confirming recipients and destinations. In a lead-processing context, this can cause unintended disclosure of customer data, accidental outbound messaging, or unauthorized CRM changes if the agent acts too broadly or on misinterpreted input.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
Hardcoding or strongly implying that hot lead alerts should go to a specific person ('Stephen') can route sensitive lead information to the wrong individual or an unintended mailbox if reused in another environment. While this is not an exploit by itself, it creates a misdelivery risk and encourages hidden assumptions about who is authorized to receive prospect data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal