Salesforce AI Agentforce

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Salesforce Agentforce helper; it does not install code or run actions itself, but users should be careful with the Salesforce commands and AI examples they copy from it.

Install this only if you want Salesforce Agentforce Builder guidance. Before copying commands or examples, confirm the target org, prefer a sandbox or scratch org, avoid live-action previews in production unless deliberate, and minimize sensitive customer or business data sent to Models API or posted to Chatter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The skill enables implicit invocation via `allow_implicit_invocation: true`, which can cause the agent to activate this skill without sufficiently specific trigger constraints. In a metadata-management skill for Salesforce Agentforce, unintended invocation could expose the model to sensitive configuration workflows or cause it to provide high-impact guidance in the wrong context, increasing the risk of unsafe or over-privileged actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The preview examples show `--use-live-actions` without a nearby warning that it triggers real Apex/Flow actions against the target org, which can mutate data, invoke integrations, or cause side effects during what users may assume is a safe preview session. In a CLI reference for agent workflows, this omission is materially risky because operators may copy-paste commands directly into production-like environments.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The examples send case and opportunity fields such as descriptions, subjects, stages, amounts, and other record context into AI prompts without an explicit privacy warning, data-classification guidance, or minimization controls in the example itself. In a builder/reference skill, readers may copy this pattern directly into production and unintentionally transmit sensitive customer or business data to generative AI features without informed review, creating confidentiality, compliance, and governance risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The Chatter example generates AI content from account data and posts it to a feed, but it does not clearly warn that the resulting text may become visible to other users through shared collaboration surfaces. That omission is risky because AI output can expose sensitive account details, hallucinated claims, or internal analysis in a broadly visible channel, especially if readers copy the example as-is.

VirusTotal

66/66 vendors flagged this skill as clean.