ClawHub
Back to skill
v1.0.0

CRM

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

This instruction-only CRM skill looks benign, but it guides creation of persistent contact files that users should keep private.

GuidanceThis skill is safe to consider for a local personal CRM. Before using it, decide where the `~/crm/` data should live, protect files containing contact details and notes, and be cautious before enabling cloud sync, Git history, migrations, or bulk edits.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
Sync When Asked - Cloud folder (Dropbox/iCloud/Drive) for multi-device ... Git repo for version history

The skill suggests optional cloud or Git syncing only when asked. This is disclosed and purpose-aligned, but syncing can propagate CRM data and mistakes across devices or services.

User impactIf enabled, CRM records could be copied to a cloud provider or repository and changes could spread beyond the original local folder.
RecommendationOnly enable sync deliberately, confirm what data will be included, and use backups before migrations or bulk edits.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Create `~/crm/` folder as the single source of truth ... id, name, email, company, phone, notes, tags, created, updated

The skill guides users to store personal contact details and freeform notes in a persistent local CRM folder. This is expected for the purpose, but it is sensitive personal data that should be protected.

User impactContact details and notes may persist on disk and be reused later as the CRM grows.
RecommendationKeep the CRM folder in a private location, avoid storing secrets in notes, and consider local file permissions or encryption for sensitive contact data.