ZohoProject

Security checks across malware telemetry and agentic risk

Overview

This Zoho Projects helper is mostly coherent, but it gives agents broad power over live project data without enough safeguards for deletion, credentials, or tenant selection.

Review before installing. Use the narrowest Zoho OAuth scopes that support your needs, avoid unused bug/admin-style access, protect refresh tokens and client secrets, and require explicit confirmation before any create, update, time-log, or delete action. Do not rely on remembered project IDs for specific organizations unless you have verified the current portal and project from fresh Zoho API results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The instruction to apply project IDs stored in memory for specific organizations introduces cross-user and cross-tenant data handling risk that is not justified by the general Zoho Projects management purpose. Persisting organization-specific identifiers in agent memory can cause misrouting of actions, unintended disclosure of internal customer associations, or accidental operations against the wrong tenant/project.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill exposes a destructive delete operation without warning, confirmation guidance, or safeguards. In an agent setting, this increases the chance of irreversible task deletion from ambiguous prompts, mis-targeted IDs, or prompt injection that coerces the agent into destructive actions.

Missing User Warnings

Medium
Confidence: 78%
Finding
The skill requests access tokens, refresh tokens, client IDs, and client secrets but does not include clear handling constraints such as not logging, echoing, storing insecurely, or exposing them back to users. In a skill that directly constructs authenticated requests, weak credential-handling guidance materially increases the risk of accidental secret leakage through logs, memory, transcripts, or misconfiguration.

VirusTotal

52/52 vendors flagged this skill as clean.
