Sales Rhythm Tracker — Alibaba Iron Army B2B Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a local sales-pipeline tracker that stores customer and deal notes in plaintext files; the main risks are privacy and accidental exposure, not hidden or malicious behavior.

Install only if you are comfortable keeping customer names, deal status, activity history, and notes in local plaintext markdown files. Avoid storing secrets or regulated data, review outputs before sharing transcripts, and enable the optional cron job only if you want recurring automatic morning brief generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding
The README advertises very broad natural-language triggers such as "Morning sales brief," "Pipeline review," and "How is [customer] doing?" without clear activation boundaries or namespacing. In an agent environment, generic phrases can be invoked accidentally from normal conversation or unrelated pasted text, causing unintended reads or writes to the local sales workspace and unintended workflow execution.

Vague Triggers

Medium
Confidence: 91%
Finding
The lead-logging format is underspecified: inputs like "New lead: ..." and "Log: [Customer] — [what happened] — [next step]" accept free-form text with no stated boundaries, schema validation, or disambiguation rules. That makes the skill susceptible to prompt/command confusion, where ordinary chat, forwarded messages, or adversarially crafted content could be misinterpreted as instructions and result in unauthorized lead creation or pipeline modification.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases are broad, natural-language sales terms like "follow up," "sales update," and "pipeline review," which could match ordinary conversation and invoke the skill unintentionally. In a skill that reads and writes persistent customer and pipeline data, accidental invocation can lead to unintended data modification, disclosure in chat, or workflow actions based on casual messages.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill description does not clearly warn users up front that it persists lead, customer, and activity data to local markdown files. Because this data may contain personal and commercially sensitive information, users may provide it without informed consent, increasing privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script prints the recent sales activity log directly to stdout, which can expose sensitive customer, lead, and pipeline details to whoever invoked the skill or to any downstream logging, transcript, or monitoring system. In an agent-skill context, this is more dangerous because agent outputs are often persisted or shown without strict data-minimization, increasing the chance of unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
