成交加速器 / Deal Closer

Security checks across malware telemetry and agentic risk

Overview

This CRM skill is coherent and mostly disclosed, but it needs Review because it can read mailboxes, send email, and change CRM data without strong built-in confirmation or scoping.

Install only if you are comfortable granting this skill access to sales records and, if enabled, mailbox credentials. Use a dedicated mailbox or app password where possible, protect the local data directory, avoid storing unnecessary email snippets, and require manual review before delete/import/export actions or any outbound email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Vague Triggers

Medium
Confidence: 89%
Finding
Using open-ended triggers like 'or similar intent' for deal-management actions makes the activation boundary unclear and can cause the skill to execute state-changing operations when the user is only discussing sales workflow conceptually. In a CRM skill with delete, update, import, and export capabilities, ambiguous matching increases the risk of unintended file modification or destructive actions.

Vague Triggers

Medium
Confidence: 95%
Finding
The email-scanning flow is triggered by broad phrases including 'or similar intent,' without clear boundaries or consent checkpoints. Because this feature can access and analyze mailbox contents, ambiguous invocation can lead to unintentional privacy-invasive processing of sensitive communications.

Vague Triggers

Medium
Confidence: 90%
Finding
The follow-up email workflow uses open-ended intent matching even though it can draft schedules and, elsewhere in the skill, directly send follow-up emails. In a sales/email context, ambiguous triggering can result in unintended outreach or creation of customer-facing content based on incomplete or misinterpreted user requests.

Vague Triggers

Medium
Confidence: 96%
Finding
The IMAP/SMTP workflow has very broad trigger wording despite enabling inbox retrieval, search, send, and reply actions against real email accounts. This combination makes the skill especially dangerous because ordinary conversational requests about email could be misclassified into high-impact actions affecting confidential data or causing outbound communications.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises mailbox scanning and signal extraction but does not clearly warn users that it will access and analyze the content and metadata of their emails. In a CRM/sales assistant context, emails can contain confidential customer data, negotiations, attachments, and personal information, so missing disclosure undermines informed consent and privacy expectations.

Missing User Warnings

High
Confidence: 97%
Finding
The native IMAP/SMTP section lacks explicit warning for high-impact operations such as reading the inbox, searching mailbox contents, sending email, and replying on the user's behalf. These actions can expose sensitive communications and create real-world consequences with customers if performed unexpectedly or under ambiguous user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promotes mailbox scanning and direct IMAP/SMTP connectivity but does not clearly warn users that the skill may access full mailbox contents and requires handling sensitive credentials. In a CRM/email-integrated skill, this omission can lead to users enabling broad email access without understanding privacy, credential exposure, or over-collection risks.

Missing User Warnings

Low
Confidence: 76%
Finding
The AI follow-up drafting feature states it uses deal context and interaction history, but the README does not clearly disclose that potentially sensitive customer and sales data will be processed to generate content. This is less severe than credentialed mailbox access, but it still creates privacy and data handling risks because users may not realize what contextual information is being consumed.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide says email scanning and signal extraction will be enabled, but it does not clearly disclose that the product will access, read, and process mailbox contents and related metadata. In a CRM/sales-assistant context, that omission can mislead users about the privacy impact of authorization and result in overbroad or uninformed consent for sensitive email data processing.

Missing User Warnings

Medium
Confidence: 89%
Finding
The module actively connects to Gmail, Outlook, and IMAP sources, fetches message metadata/snippets, and stores them locally in emails.json. Even if this is product-intended behavior, it processes potentially sensitive communications data without any in-function notice, consent check, minimization, or retention controls, creating a real privacy and compliance risk if users are unaware or if local storage is exposed.

Missing User Warnings

Medium
Confidence: 82%
Finding
The code reads mailbox credentials and token material from environment variables and credential files, then uses them to access external mailboxes. While environment variables are a common mechanism, doing this silently in an agent skill increases the chance that a user grants broad mailbox access without understanding the sensitivity or scope of what the skill can read.

Missing User Warnings

Medium
Confidence: 94%
Finding
The send_draft function directly sends email via imap_mod.send_email() using deal data and caller-supplied subject/body with no confirmation, approval gate, dry-run mode, or recipient safety checks visible in this file. In a CRM assistant handling real customer contacts, this creates a material risk of unintended outbound email, misdelivery, spam/phishing-like messaging, and privacy/compliance issues if an agent or upstream workflow triggers the action automatically.

Missing User Warnings

Medium
Confidence: 92%
Finding
The module persists sensitive business data such as deal outcomes, notes, loss reasons, and learned patterns to local JSON files, but there is no visible consent flow, disclosure, retention control, or access protection in this file. In a CRM context, these fields can contain confidential commercial information and personal data, so silent persistence increases privacy, compliance, and data exposure risk if the host environment is shared or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.