ClawHub

Dex CRM

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at Dex CRM management, but it exposes broad write, delete, and bulk-archive authority over CRM data beyond the narrower stated use cases.

Review before installing. Only use this with a Dex API key you are comfortable granting read/write CRM access, run cleanup in dry-run mode first, and do not allow delete or archive operations unless you have reviewed the exact target contacts, notes, or reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires both network access and a secret API key from the environment, but those capabilities are not explicitly declared in a permissions model. That creates a governance gap: reviewers and policy engines may underestimate what the skill can access and transmit, especially because the API key authorizes read and write operations against sensitive CRM data.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The README advertises capabilities to create and archive contacts that are outside the declared skill scope, which can mislead users and downstream tooling about what operations the skill may perform. In a CRM context, undocumented write/delete-like actions are security-relevant because they can alter or remove user data, increasing the risk of unintended destructive actions.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documented cleanup script performs bulk archival of contacts, which materially exceeds the stated use cases and introduces a mass-modification pathway against user CRM data. In this skill context, bulk archival is especially dangerous because it can silently hide or disrupt access to legitimate contacts at scale if invoked carelessly or by a confused user.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest describes searching, adding notes, creating/checking reminders, and looking up contact details, but the documentation also exposes contact creation, modification, and deletion. This expands the real authority of the skill beyond what a user or reviewer would reasonably expect, increasing the risk of unintended or unauthorized destructive changes to CRM records.

Description-Behavior Mismatch

Low
Confidence
80% confidence
Finding
The skill description says it can add notes, but the documentation also includes update and delete note operations. This mismatch matters because edit and delete rights are more sensitive than append-only note creation and could enable silent alteration or removal of relationship history.

Description-Behavior Mismatch

Low
Confidence
78% confidence
Finding
The manifest mentions creating or checking reminders, but the documentation also supports updating and deleting reminders. This is a scope expansion that can let the skill suppress or alter follow-up tasks unexpectedly, which is less severe than contact deletion but still affects user workflows and trust.

Description-Behavior Mismatch

Medium
Confidence
71% confidence
Finding
The script performs bulk archival of contacts, which is a destructive data-management action that goes beyond the narrower user-facing workflows described in the skill metadata. In an agent context, this increases the risk of unintended mass modification of a user's CRM data if the script is invoked without clear user confirmation or guardrails.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README shows how to run the cleanup script but does not clearly and prominently warn that omitting --dry-run will modify Dex data by archiving contacts. This is dangerous because users may copy-paste the command without understanding that it triggers irreversible or hard-to-notice state changes to their CRM dataset.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal