Renatus Icm

Security checks across malware telemetry and agentic risk

Overview

This Renatus campaign skill is mostly purpose-aligned, but it needs Review because it can reuse live browser sessions, export and store lead data, send bulk email, and delete records with weak safeguards.

Install only after reviewing the scripts and using dedicated low-privilege Renatus, Supabase, email, and browser profiles. Do not expose a main browser profile over CDP, avoid production service-role keys unless strictly necessary, keep lead exports and logs private, run dry runs before sending or deleting, and do not enable the cron unsubscribe deletion workflow until the backend unsubscribe flow and deletion safeguards are verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (20)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill gives conflicting secret-handling guidance: one section instructs users to copy and fill `config.json` with values including credentials, while a later section says credentials should never be stored in config files. This inconsistency can lead operators to place long-lived secrets in a local file that may be copied, logged, or mishandled, increasing the chance of credential exposure.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The documentation downplays CDP access by saying it only reads session tokens, but it explicitly states scripts inspect browser `localStorage/cookies` for auth material. Accessing browser cookies and storage through remote debugging is highly sensitive because those artifacts can be reused to impersonate the user even without the master password.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The page tells users their email has been removed from the mailing list and queued for deletion from the Renatus database within 24 hours, but the implementation only stores the address in localStorage and treats the backend deletion request as optional and non-blocking. This creates a deceptive privacy/compliance issue: users may believe they successfully exercised an unsubscribe or deletion right when no server-side action actually occurred.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The note minimizes the script's behavior by saying it only reads existing browser session tokens, but the embedded JavaScript uses those tokens and cookies to make authenticated API requests against the Renatus backoffice and then persists derived data into local files. This is dangerous because it normalizes token access and can mislead operators into granting a high-trust browser/CDP session to a script that performs authenticated actions beyond passive inspection.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The script’s documentation presents it as a simple email-template generator, but in --event-url mode it connects to a live browser debugging session, inspects localStorage/cookies, and uses the authenticated Renatus session to query protected APIs. This mismatch is dangerous because it hides privileged behavior from users and reviewers, increasing the chance that the tool is run with more trust than warranted and enabling unauthorized access to account-scoped data if reused or modified.

Intent-Code Divergence

High
Confidence: 99%
Finding
The embedded extraction script claims it only reads existing browser session tokens, but it also uses those tokens and cookies to make authenticated API requests against the Renatus back office. This matters because it normalizes harvesting active session credentials from a debug-connected browser and then programmatically acting on behalf of the logged-in user, increasing the risk of unauthorized data access and abuse if the script or environment is compromised.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
This is a real security/integrity issue because the script is presented as guest registration but actually creates a customer record and explicitly sets IsGuest to false and IsCustomer to true. In the context of an attached authenticated back-office browser session, that mismatch can cause unauthorized account creation, CRM pollution, consent/compliance errors, and registration under the wrong identity model without the operator realizing it.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script logs the user's email address to the browser console, exposing personally identifiable information in a place users are not informed about and that may be collected by shared-device users, support tooling, browser extensions, or remote debugging sessions. While limited in scope, unnecessary client-side logging of PII increases privacy risk without providing essential functionality.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide explicitly instructs operators to export bounced contacts together with phone numbers for SMS follow-up, but provides no consent, lawful-basis, opt-in, or privacy-handling guidance. In a marketing context, repurposing contact data from email to SMS increases compliance and privacy risk because bounced email recipients may never have agreed to SMS outreach, and operators may use the exported file without safeguards.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide provides direct execution commands for deleting leads individually or in bulk, including processing unsubscribe files, without emphasizing that these actions are irreversible or recommending validation before execution. In an operational workflow, this raises the chance of accidental mass deletion, loss of lead history, and erroneous suppression of legitimate contacts.

Missing User Warnings

Medium
Confidence: 88%
Finding
The guide instructs implementers to collect and transmit personally identifiable information including name, email, phone number, and source URL, but it does not mention any user-facing privacy notice, consent language, retention policy, or lawful basis for processing. In the context of a public registration form integrated with third-party services, this omission can lead to non-compliant data collection, unexpected disclosure to users, and regulatory/privacy risk if deployed as written.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document describes an admin export endpoint that returns lead data and is protected only by a static header token, but it does not warn about the sensitivity of exported personal data or the need for strong access-control, rotation, logging, and transport safeguards. In a setup guide for lead collection and export, omission of these precautions can lead operators to expose or weakly protect PII-bearing endpoints, increasing the likelihood of unauthorized data disclosure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide lists highly sensitive secrets including a service-role key, admin export token, third-party credentials, and webhook secrets without any explicit warning about secure handling. Documentation like this can normalize unsafe practices such as pasting secrets into shells, chat, screenshots, repos, or shared notes, which may result in credential compromise and full administrative access to data and functions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow explicitly instructs operators to export lead data using an admin token and shows multiple ways to pass that token on the command line, including inline examples. This increases the risk of credential exposure through shell history, process listings, logs, screenshots, or copied documentation, and it normalizes bulk export of sensitive lead PII without any warning or handling constraints.

Missing User Warnings

Medium
Confidence: 89%
Finding
The bounce-recovery workflow directs operators to export a CSV of leads with phone numbers and contact them over SMS or WhatsApp, but provides no safeguards around consent, lawful basis, data handling, or message-channel security. This creates privacy, compliance, and misuse risk because personal contact data is being repurposed for another channel after a failed email contact.

Missing User Warnings

Medium
Confidence: 93%
Finding
The executable flow connects to a browser over CDP, searches contexts for localStorage auth material and XSRF tokens, and proceeds without presenting a runtime warning or consent checkpoint to the operator. In this skill context, that is more dangerous because the script is intentionally designed to operate inside an authenticated back-office session, so silently reusing existing browser credentials could surprise users and expose privileged business data or actions through a broad local debugging interface.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script deliberately attaches to a live authenticated browser session, reads authentication material from localStorage and cookies, and uses those credentials to perform privileged API actions. Even though it is framed as operational automation, this is credential-sensitive session riding without an explicit safety gate, which increases the risk of misuse, accidental execution against the wrong session, or abuse on a host where CDP is exposed.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script supports bulk deletion from a file and can irreversibly remove multiple leads once --execute is supplied, but the interface provides no strong warning, preview requirement, per-item confirmation, or rollback protection. In the context of CRM/backoffice data, a malformed file, operator mistake, or maliciously supplied input could trigger large-scale destructive changes with limited safeguards.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script exports lead records containing personal data such as names, emails, phone numbers, notes, and metadata into local CSV/JSON files in a fixed workspace path. In an agent or shared host context, silently persisting this data increases the risk of unintended retention, local disclosure, and secondary access by other tools or users, especially because no permission prompt, warning, minimization, or file permission hardening is present.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script writes unsubscribe email addresses to timestamped plaintext files on disk in a data directory, creating a persistent store of personal data outside the browser. If the host is multi-user, backed up broadly, or has weak file permissions, these files can expose subscriber privacy data and create unnecessary retention of sensitive contact information.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
