ClawHub

Sales Automation Workflows Agent

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward n8n business automation guidance skill, but users should review generated workflows before connecting real business accounts.

Use this skill with sandbox or sanitized test data first. Before enabling generated n8n workflows, confirm every connected account is authorized, store secrets in n8n credential storage, use least-privilege API keys, and require manual approval for customer emails, invoices, payment-related actions, social posts, and bulk data sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are generic business terms such as "automate workflow," "connect apps," and "business automation," which can overlap with many ordinary user requests and cause the skill to activate unintentionally. In this context, unintended invocation is risky because the skill is designed to build integrations and automation flows that may handle external systems, credentials, and business data, increasing the chance of inappropriate guidance or action in the wrong conversation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill promotes connecting CRMs, email systems, e-commerce tools, forms, and AI workflows, but does not warn users that these automations may send customer or business data to third-party APIs, webhooks, or cloud services. That omission can lead users to share sensitive data without informed consent or proper review of data handling, especially in a workflow-automation context where cross-system transmission is a core feature.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal