ClawHub

Gracie Crm

Security checks across malware telemetry and agentic risk

Overview

This is a local CRM helper that stores and updates sales lead records, with no evidence of hidden network access, credential use, exfiltration, or destructive behavior.

Install this only if you are comfortable keeping lead/contact data in the skill directory. Back up crm.json if the data matters, and review the fixed MASTER_LEAD_LIST.md import path before running the import command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill reads from a hard-coded path in the user's home directory outside the skill's own working data, which creates an unexpected cross-boundary data access behavior. Even though it only imports a Markdown lead list, this can expose unrelated local business data to the skill and may surprise users who do not expect the tool to inspect files outside its directory.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger section uses broad natural-language conditions such as 'check leads' or 'add a new prospect' without clear scoping, confirmation requirements, or exclusions. In an agent environment, this can cause the CRM skill to activate on loosely related requests and perform lead lookup or data modification against persistent sales records when the user did not explicitly intend to use this tool.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents commands that add, import, and modify lead records in crm.json but does not warn that these actions persistently change business data. In an agent-assisted workflow, missing warnings increase the chance of silent data corruption, accidental lead creation, incorrect call logs, or unintended imports because the user may assume the actions are read-only.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The tool persists lead names, phone numbers, notes, and call history to a local JSON file without any explicit notice to the user. This is a privacy and transparency issue because users may enter sensitive contact or sales data without realizing it will remain stored on disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal