Follow Up Boss

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent or user could accidentally change CRM contacts, tasks, deals, or webhook configuration.

Why it was flagged

The documented CLI exposes account-changing and delete operations through raw JSON/id arguments, but the artifact does not define confirmation, dry-run, scoping, or approval rules for these high-impact actions.

Skill content
`people update <id> <json>`; `tasks complete <id>`; `deals create <json>`; `webhooks create <json>`; `webhooks delete <id>`
Recommendation

Require explicit user confirmation for create/update/delete operations, use the least-privileged Follow Up Boss API key available, and test in a non-production account when possible.

What this means

Installing users may not realize from metadata alone that the skill needs an API key with access to their CRM account.

Why it was flagged

The skill requires a Follow Up Boss API key and uses it for authenticated API calls. This is purpose-aligned, but the registry metadata says no required env vars and no primary credential.

Skill content
`const API_KEY = process.env.FUB_API_KEY || '';` ... `'Authorization': 'Basic ' + Buffer.from(API_KEY + ':').toString('base64')`
Recommendation

Declare FUB_API_KEY as a required credential/env var and document the minimum permissions the key should have.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

A bad lead/event creation could trigger CRM workflows, notifications, assignments, or other automations.

Why it was flagged

The skill explicitly creates events that can trigger Follow Up Boss automations, so a mistaken command can propagate beyond a single record.

Skill content
`people create <json>` | Create person via /events (triggers automations) ... `events create <json>` | Create event (for lead intake)
Recommendation

Add guardrails requiring confirmation before event creation and clearly warn users when a command can trigger downstream automations.

What this means

Users have less context for deciding whether to trust this code with CRM account access.

Why it was flagged

The skill handles a CRM API credential, but its source/provenance is not identified in the supplied metadata.

Skill content
Source: unknown; Homepage: none
Recommendation

Provide a homepage/source repository and review the included fub.js before using a production API key.

Findings (2)

critical: suspicious.env_credential_access
Location: fub.js:48
Finding: Environment variable access combined with network send.

critical: suspicious.exposed_secret_literal
Location: SKILL.md:16
Finding: File appears to expose a hardcoded API secret or token.