Zendesk

Security checks across malware telemetry and agentic risk

Overview

The Zendesk skill appears purpose-aligned, but it asks users to persist a Zendesk API token in a plaintext local memory file while enabling access to sensitive support data and ticket/user changes.

Review this skill before installing. Use a least-privilege Zendesk token, avoid placing tokens in ~/zendesk/memory.md, prefer environment variables or a secret manager, and rotate any token that was already saved there. Treat its write examples as live production actions and require explicit confirmation before ticket, user, macro, or bulk changes.
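The guidance above, as an added example (not the skill's own code and not part of the original page): credentials are read from environment variables rather than a memory file, a check flags credential-looking lines already persisted in a memory file so the token can be rotated, and an API wrapper refuses state-changing calls unless the user explicitly confirms them. The variable names ZENDESK_SUBDOMAIN, ZENDESK_EMAIL and ZENDESK_API_TOKEN, the sample memory file and the injected transport are assumptions for illustration; the email/token Basic auth form is Zendesk's documented API-token scheme.

```python
"""Added example, not the skill's own code: env-based credential loading,
detection of credentials persisted in a memory file, and a confirmation gate
on Zendesk write calls. Env var names, the memory-file sample and the
transport hook are assumptions for illustration."""
import base64
import os
import re
from dataclasses import dataclass
from typing import Callable, Mapping, Optional

# Assumed environment variable names (or keys populated from a secret manager).
ENV_SUBDOMAIN = "ZENDESK_SUBDOMAIN"
ENV_EMAIL = "ZENDESK_EMAIL"
ENV_TOKEN = "ZENDESK_API_TOKEN"

# HTTP methods that modify production support data (tickets, users, macros, bulk jobs).
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass(frozen=True)
class ZendeskCredentials:
    subdomain: str
    email: str
    token: str

    def auth_header(self) -> str:
        # Zendesk API-token auth is HTTP Basic with "{email}/token:{api_token}".
        raw = f"{self.email}/token:{self.token}".encode()
        return "Basic " + base64.b64encode(raw).decode()


def load_credentials(env: Optional[Mapping[str, str]] = None) -> ZendeskCredentials:
    """Read credentials from the environment; fail loudly instead of falling back to a file."""
    env = os.environ if env is None else env
    missing = [k for k in (ENV_SUBDOMAIN, ENV_EMAIL, ENV_TOKEN) if not env.get(k)]
    if missing:
        raise RuntimeError(f"missing credentials: {', '.join(missing)}")
    return ZendeskCredentials(env[ENV_SUBDOMAIN], env[ENV_EMAIL], env[ENV_TOKEN])


# Key/value lines a markdown memory file would use to persist credentials,
# e.g. "api_token: ..." or "- token = ...". Matches the key, not a token format.
_CRED_LINE = re.compile(
    r"^\s*[-*]?\s*(?P<key>api[_ ]?token|token|email|subdomain)\s*[:=]\s*(?P<val>\S+)",
    re.IGNORECASE,
)


def find_persisted_credentials(memory_text: str) -> list:
    """Return (line_no, key) for credential-looking lines in a memory file.
    A hit for a token means that token must be rotated, not merely deleted."""
    hits = []
    for no, line in enumerate(memory_text.splitlines(), 1):
        m = _CRED_LINE.match(line)
        if m:
            hits.append((no, m.group("key").lower().replace(" ", "_")))
    return hits


class ConfirmationRequired(PermissionError):
    pass


class GuardedZendeskClient:
    """Read calls pass through; write calls require confirmed=True from the user."""

    def __init__(self, creds: ZendeskCredentials, transport: Callable):
        self.creds = creds
        self.transport = transport  # e.g. a requests.request-like callable

    def request(self, method: str, path: str, body=None, confirmed: bool = False):
        method = method.upper()
        if method in WRITE_METHODS and not confirmed:
            raise ConfirmationRequired(f"{method} {path} modifies production data")
        url = f"https://{self.creds.subdomain}.zendesk.com/api/v2/{path.lstrip('/')}"
        headers = {"Authorization": self.creds.auth_header(),
                   "Content-Type": "application/json"}
        return self.transport(method, url, headers, body)


def demo():
    # Constructed sample of the memory file the skill asks the agent to write.
    memory_md = ("# Zendesk\n- subdomain: example\n"
                 "- email: agent@example.com\n- api_token: t0ken\n")
    hits = find_persisted_credentials(memory_md)
    creds = load_credentials({ENV_SUBDOMAIN: "example",
                              ENV_EMAIL: "agent@example.com", ENV_TOKEN: "t0ken"})
    calls = []  # records what would have gone over the wire
    client = GuardedZendeskClient(creds, lambda m, u, h, b: calls.append((m, u)) or {"ok": True})
    client.request("GET", "/tickets/1.json")
    try:
        client.request("PUT", "/tickets/1.json", {"ticket": {"status": "solved"}})
    except ConfirmationRequired:
        pass  # blocked until the user explicitly confirms
    client.request("PUT", "/tickets/1.json", {"ticket": {"status": "solved"}}, confirmed=True)
    return hits, calls


if __name__ == "__main__":
    print(demo())
```

The transport is injected so the wrapper can be exercised offline; in use it would be a real HTTP call, and the confirmation flag should be set only after the user has seen the exact method, path and body about to be sent.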

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The template explicitly instructs users to store Zendesk subdomain, email, and API token in `~/zendesk/memory.md`, which is a local plaintext markdown file. Plaintext credential storage materially increases the risk of accidental disclosure through local compromise, backups, logs, screen sharing, or later inclusion in repos, and this is not necessary when safer secret storage mechanisms exist.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill explicitly instructs the agent to persist Zendesk credentials, including an API token, in a local memory file for future reuse. Storing reusable secrets outside a dedicated secret store materially increases the risk of credential disclosure through later prompts, other skills, filesystem access, logs, backups, or accidental exfiltration, and this persistence is not necessary to fulfill the immediate ticket-management task.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The file provides ready-to-run authenticated Zendesk API examples, including state-changing operations (creating tickets, updating status, adding internal notes, bulk updates, creating users, and applying macros), but it does not warn that these actions modify production support data or may expose sensitive ticket and user information. In an agent skill context this raises the chance of unsafe automation, accidental writes, and unintended disclosure, because the examples normalize direct execution against live systems.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill normalizes storing Zendesk credentials in a markdown memory file without a prominent warning that this is insecure. Even though it also mentions environment variables and says not to echo or commit credentials, it still presents plaintext local storage as acceptable guidance, which can lead users to unsafe handling of production support credentials.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The setup directs retention of sensitive Zendesk credentials without any user-facing disclosure that the secrets will be stored for future sessions. This undermines informed consent and increases the chance that users will provide high-value credentials without understanding their long-term exposure surface.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill instructs the agent to immediately test credentials by sending them in an authenticated API request, but does not tell the user that their email and token will be transmitted to Zendesk for verification. While sending credentials to the intended service is expected in this context, the lack of disclosure and consent still creates a security and privacy concern, especially for users who may assume credentials are only being collected locally.

Ssd 3

Severity: High
Confidence: 93%
Finding
These instructions establish a workflow of collecting, validating, and then retaining API credentials as part of normal operation. Embedding secret collection and persistence into the skill's default behavior treats handling of high-value secrets as routine and expands the blast radius of any compromise of agent memory or related tooling.

Ssd 3

Severity: Critical
Confidence: 100%
Finding
The skill directly instructs persistent storage of a Zendesk API token and associated account identifiers in a memory file. An API token is a reusable bearer-like secret for privileged support operations, so compromise of that file could enable unauthorized access to tickets, users, internal notes, and administrative workflows, making the context especially dangerous because the skill targets a live support platform with sensitive customer data.

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it as clean.
