openclaw-crm

Security checks across malware telemetry and agentic risk

Overview

This local CRM skill is coherent, but it needs review because it can expose CRM data through shared files and perform high-impact backup/restore file writes.

Install only if you are comfortable with local agents reading generated CRM Markdown files and with backup/restore commands touching persistent CRM data. Keep the workspace private, exclude interchange and backup files from public sync or source control, and prefer running backup/restore only with explicit, reviewed paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High
Confidence: 96%
Finding
The module-level security claim is contradicted by the implementation: while ops files may omit sensitive data, the same generator also emits state markdown containing deal values, contact names, companies, and emails. This mismatch is dangerous because downstream users or agents may trust the documented privacy boundary and handle the generated interchange files less carefully, causing unintended exposure of CRM data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly states that CRM state, including pipeline and contact information, is published to Markdown files for access by other agents, but it provides no warning that this data may contain sensitive personal or business information. In a CRM context, exposing contacts, deal status, notes, and follow-ups to broader agent consumption increases the risk of unintended disclosure, over-sharing, or insecure downstream handling.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documented restore command lacks any warning that restoring from backup can overwrite or replace current CRM data, which can lead to accidental data loss or rollback if used incorrectly. In a local-first CRM managing leads and deal state, this can disrupt operations and erase recent updates even without an external attacker.

Missing User Warnings

High
Confidence: 92%
Finding
The restore command performs a potentially destructive database overwrite immediately from a user-provided file path, with no confirmation, dry-run, backup-on-restore, or validation guardrails visible in the CLI layer. In a local CRM handling business data, accidental invocation, path mistakes, or restoration of an untrusted backup could cause irreversible loss or corruption of the active database.

Missing User Warnings

Medium
Confidence: 91%
Finding
This code exports sensitive business and personal data into markdown files, including deal value, source, contact name, company, email, and free-form activity content. In an agent skill/interchange context, markdown files are often easy to index, sync, inspect, or forward, so writing this data without clear sensitivity labeling or safeguards increases the risk of accidental disclosure beyond the CRM's intended access controls.

VirusTotal

65/65 vendors flagged this skill as clean.
