HubSpot CRM

Security checks across malware telemetry and agentic risk

Overview

This HubSpot CRM skill does what it says, but it can directly change or delete live customer records without built-in safeguards.

Install only if you are comfortable letting this skill act on your HubSpot CRM. Use a dedicated least-privilege private app token, avoid delete/write scopes unless needed, test on non-production records first, and require human review before running update, association, stage-change, activity-log, or delete commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises create, update, move-stage, associate, log, and delete operations against live CRM data without any caution that these actions are state-changing and may be irreversible or business-impacting. A user could unintentionally modify production contacts, deals, or activity history, causing data loss, workflow disruption, or inaccurate sales reporting. The HubSpot CRM context makes this more dangerous because these operations affect real customer and revenue records, not local test data.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill handles sensitive CRM information such as contact details, company data, notes, emails, meetings, and sales activity, yet it provides no privacy or data-handling warning before transmitting that information to the HubSpot API. Users may unknowingly send personal or confidential business data through the tool without understanding retention, access scope, or compliance implications. This is more concerning in CRM context because the data can include PII and sensitive commercial information tied to customers and prospects.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script performs irreversible contact deletion immediately when invoked, with no confirmation prompt, dry-run mode, or guardrail against accidental execution. In an automation/agent context, a mistaken command, bad parameter, or prompt-influenced action could permanently remove CRM records and disrupt business operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal