Attio Apikey

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Attio CRM client, but it gives an agent broad live CRM access, including deletion and generic Attio API access, without enough scoping or safeguards.

Install only if you are comfortable giving this skill API-key access to live Attio data. Use a dedicated least-privilege Attio key, avoid using deletion on production records unless you have independent confirmation and backups, and treat raw or arbitrary-object use as administrator-level CRM access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The file description and implemented helpers clearly expose access beyond companies/people/notes, including generic object queries, tasks, deals, pipelines, and arbitrary object slugs. In an agent skill, this scope expansion is dangerous because the agent can access more CRM data than the manifest implies, undermining least privilege and user expectations.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The --raw path and generic endpoint handling allow arbitrary Attio API requests using the bearer token, not just the advertised CRUD workflows. That effectively turns the skill into a general-purpose authenticated API proxy, enabling unreviewed data access and potentially destructive operations across the tenant.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding:
The README explicitly documents a delete capability but does not provide any warning about irreversible data loss, confirmation requirements, or safe usage expectations. In a skill that performs direct CRUD operations against a live CRM using an API key, this increases the chance of accidental destructive actions by users or downstream agents, potentially causing loss of customer records or notes.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill advertises delete operations and other live CRUD actions against production CRM data without any warning about irreversible changes, confirmation expectations, or safe-use guidance. In an agent context, this makes accidental or prompt-induced destructive actions more likely, especially because the skill is designed for real-time direct execution.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
Delete functionality is exposed directly from command-line arguments with no confirmation, dry-run mode, or secondary authorization step. In an agent context, a mistaken prompt, prompt injection, or ambiguous instruction could irreversibly delete CRM records.

VirusTotal

66/66 vendors flagged this skill as clean.