ClawHub

Baserow

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Baserow CRM helper, but it includes a live-looking static API token and enables authenticated CRM writes, so users should review it before installing.

Do not use the embedded token value. Treat it as compromised, rotate it if it belongs to you, and replace it with your own least-privilege Baserow token stored outside committed skill text. Before any write operation, manually verify the exact table, row ID, and fields being changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly documents use of a long-lived personal API token from local environment variables for direct access to a production Baserow instance. Even if the literal secret is not shown in this exact block, normalizing use of a static personal token in operational guidance increases the chance of credential reuse, leakage, and unauthorized API access if the workspace or logs are exposed.

Context-Inappropriate Capability

High
Confidence
100% confidence
Finding
This section includes what appears to be an actual token value in a .env example, which is direct credential exposure in documentation. If valid, anyone with access to the skill file can use the token to read or modify CRM data in the referenced Baserow instance, making this far more severe than a generic placeholder example.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs agents to use a personal static API token but provides no warning about sensitivity, scope, storage risk, or rotation. In a skill intended to automate reads and writes to business CRM data, that omission makes accidental disclosure and unsafe operational practices significantly more likely.

Missing User Warnings

High
Confidence
100% confidence
Finding
The example .env block appears to expose a concrete token and does so without any warning that it is a secret requiring protection. This teaches insecure behavior and may constitute an active secret leak, enabling unauthorized access to the remote Baserow environment.

Ssd 3

High
Confidence
99% confidence
Finding
The documentation operationalizes reuse of what looks like a real personal API token in plain text, turning secret exposure into part of the normal workflow. Because the skill is specifically designed to perform authenticated CRUD operations against a live CRM backend, compromise of this token could directly enable data theft, tampering, or destructive updates.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal