CRMy

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant can make persistent CRM changes, such as creating contacts, updating contact fields, logging activities, and moving relationship or deal state when the workflow calls for it.

Why it was flagged

The plugin exposes tools that can create and update CRM records through the CRMy API. This matches the stated CRM-management purpose, but it is still meaningful mutation authority over business data.

Skill content

handler: async (input) => client.post('/contacts', input)
...
handler: async ({ id, ...rest }) => client.patch(`/contacts/${id as string}`, rest)

Recommendation

Use the skill only if you want the agent to manage CRMy data. Keep human confirmation for important updates, stage changes, and bulk actions, and verify search matches before writing.

What this means

Anyone who can direct this skill through the agent can cause authenticated actions against the configured CRMy server within the API key's permissions.

Why it was flagged

The plugin reads a CRMy API key from configured sources and uses it as a Bearer token for CRMy API requests. This is expected for authenticated CRM access, but the credential grants account authority.

Skill content

const raw = fs.readFileSync(path.join(os.homedir(), '.crmy', 'config.json'), 'utf-8');
...
const apiKey = pluginConfig?.apiKey ?? process.env.CRMY_API_KEY ?? fileConfig.apiKey ?? '';
...
'Authorization': `Bearer ${cfg.apiKey}`

Recommendation

Use a trusted CRMy server URL, prefer a least-privilege API key, protect ~/.crmy/config.json and CRMY_API_KEY, and avoid running the skill in environments where untrusted prompts can trigger CRM writes.

Findings (2)

Severity: critical
Rule: suspicious.env_credential_access
Location: dist/index.js:12
Finding: Environment variable access combined with network send.

Severity: critical
Rule: suspicious.env_credential_access
Location: src/client.ts:25
Finding: Environment variable access combined with network send.