ClawHub

Native HubSpot

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent HubSpot CRM integration that can read and change CRM records using the user's HubSpot token.

Install this only if you want an agent to access your HubSpot CRM. Use a dedicated least-privilege private app token, prefer testing in a sandbox or low-risk account first, and require explicit human approval before running create, update, or associate commands against production records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly documents create, update, and associate operations against a live CRM but does not warn that these commands will modify production customer records. In an agent-skill context, that omission increases the risk of accidental destructive or unauthorized changes because users or downstream agents may treat examples as safe read-only queries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently documents direct authenticated access to a live HubSpot tenant and includes create, update, and association commands, but it does not clearly warn users that these operations will modify production CRM data. In an agent setting, that omission increases the risk of accidental destructive or unauthorized business-data changes because users may treat the skill as read-only or underestimate the consequences of execution.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script can create, update, and associate CRM objects immediately with no confirmation, dry-run mode, or guardrail around destructive or unintended changes. In an agent skill context, this increases the chance of accidental remote state changes from misinterpretation, prompt injection, or operator error affecting production CRM data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal