ClawHub

销售冷启动消息生成器

Security checks across malware telemetry and agentic risk

Overview

This text-only skill generates sales outreach messages and discloses narrow memory use, with privacy cautions around stored prospect details.

Before installing, treat saved sales preferences and outreach history as potentially sensitive business data. Avoid storing unnecessary personal details about prospects, periodically clear the memory files if retention is not needed, and ensure any outreach complies with anti-spam, privacy, and platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly reads user industry/product information from one memory file and saves generated outreach history to another, but provides no notice, consent flow, retention limits, or access controls. Because the content involves sales profiling and communication history, this creates a realistic privacy and cross-session data leakage risk if sensitive customer or prospect details are retained and later exposed or reused.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persisting sales preferences and outreach history in natural-language memory creates an ongoing risk that personal profiling data, customer attributes, and prior generated messages are retained longer than needed and surfaced to later prompts or other users. In this context, the skill is specifically designed for targeted outreach and profiling, which makes the stored data more sensitive and increases the chance of privacy harm, unintended disclosure, or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal