GHL CRM for Realtors

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real GoHighLevel CRM helper, but it exposes broad live CRM and business-account actions with several under-disclosed privacy and credential-handling risks.

Install only if you intend to let an agent use a GoHighLevel private integration token for live CRM data and account actions. Use a least-privilege sub-account token, do not echo or paste the raw token, avoid running live POST/DELETE examples unless you want real changes, and require explicit confirmation before sending messages, changing contacts, creating invoices or appointments, enrolling workflows, deleting records, or posting to social channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The function advertises selective tag removal but ignores the supplied tags argument and issues a bare DELETE to the contact tags endpoint. In a CRM context, that can remove all tags from a contact instead of only the intended subset, causing unauthorized or accidental broad state changes that may disrupt segmentation, automations, and compliance workflows.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The docstring says the wizard only checks setup and tests connectivity, but the script also fetches and prints actual contact records later. This mismatch can mislead operators into running a script that accesses customer data without understanding that it will process and display PII.

Missing User Warnings

Medium
Confidence: 89%
Finding
The troubleshooting guide includes shell commands that directly expose use of a live bearer token and perform real API operations, including creating a contact. Even though the token value itself is referenced via environment variables rather than hardcoded, the documentation encourages users to send sensitive credentials to a production endpoint and trigger side effects without any warning about credential handling, test environments, or data creation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The quick-win step automatically pulls and displays the first five contacts, including personal fields, without a clear upfront warning or consent gate. In a shared terminal, recorded session, or support workflow, this can unnecessarily expose customer PII to unauthorized viewers.

Ssd 3

Medium
Confidence: 94%
Finding
Using real contact records as the default success demonstration normalizes unnecessary access to live customer data and displays email, phone, and tags by default. This increases privacy risk and broadens the blast radius of accidental disclosure during onboarding, demos, screenshots, or terminal logging.

VirusTotal

66/66 vendors flagged this skill as clean.
