ClawHub

Feishu CRM Lite

Security checks across malware telemetry and agentic risk

Overview

This CRM skill appears purpose-aligned, but it handles customer data and destructive record actions without enough disclosure or user-control safeguards.

Review this skill before installing. Use it only if you are comfortable storing customer and sales data in the described environment, and require explicit confirmation before deleting, importing, exporting, or sending reminders. Avoid entering unnecessary personal data until the publisher clarifies storage location, retention, access controls, and which features are actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The README advertises CRM management, follow-up tracking, reminders, funnel analytics, and reporting as available features, while the development plan states those same capabilities are still pending. This is a deceptive mismatch that can mislead users into relying on functionality that does not exist, which is especially risky for a business-data skill because users may expose customer data or make operational decisions based on false assumptions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README describes potentially destructive or externally impactful actions such as creating, updating, deleting, importing/exporting customer records, sending reminders, and generating reports without any warning about data handling, side effects, or required confirmation. In a CRM context, this increases the chance that users will trigger actions affecting customer data or communications without understanding the consequences.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very generic terms such as “提醒”, “销售”, and “customer”, which can cause the skill to activate in unrelated conversations. Because this skill can manage, modify, and store CRM/customer records, unintended invocation could lead to accidental access to customer data or unintended record changes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The functionality description says the skill can create, update, delete, import, and export customer records, but it does not warn users that these are potentially destructive operations affecting persistent Feishu Bitable data. In a CRM context, silent persistence and modification of business data increases the risk of accidental data loss, integrity issues, and unauthorized handling if users do not understand the consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples include handling personal data such as names, phone numbers, email addresses, communication history, and sales status, but there is no privacy notice or guidance on sensitive data handling. In a CRM skill, this omission is more dangerous because the workflow is centered on collecting and storing personal and commercial information that may be regulated or confidential.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill persistently stores CRM customer, follow-up, and reminder data as plaintext JSON files under a local data directory without any access control, encryption, retention policy, or user-facing disclosure. Because this data includes contact names, phone numbers, email addresses, notes, and deal information, compromise of the host, shared-user environments, backups, or accidental file exposure can leak sensitive business and personal information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal