ClawHub

Sales Dashboard

Security checks across malware telemetry and agentic risk

Overview

This sales reporting skill is coherent, but it handles sensitive CRM data and can send reports to Discord on a schedule without enough scoping or review controls.

Review before installing. Confirm which OKKI credentials and .env files it will use, restrict Discord delivery to approved private channels, inspect or disable the cron jobs if unattended reporting is not intended, and avoid sending unreviewed reports that may contain confidential customer or sales information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly documents pushing generated reports and alerts to Discord, an external third-party service, but provides no warning, consent step, or guidance on limiting sensitive business data before transmission. Because the reports aggregate CRM, order, lead, and campaign metrics, this can expose confidential commercial information to external infrastructure, broader channel audiences, or retained message history.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The scheduled automation section states that cron jobs automatically collect, calculate, generate, and push reports on a recurring basis, but omits any warning that sensitive data exfiltration can happen unattended. This increases risk because once enabled, business metrics may be transmitted externally on a schedule without human review, making accidental disclosure persistent and harder to notice.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The collector retrieves broad CRM datasets, including customers, orders, quotations, leads, and opportunities, and then persists aggregated results to local files. In this context, the code also stores full raw records in memory and only attempts to strip some raw fields at save time; this creates a real risk of sensitive business and customer data being written to disk or exposed through logs/snapshots without explicit minimization or consent controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal