Openclaw Perfexcrm Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate PerfexCRM integration, but it gives an agent broad power to read and change sensitive CRM and financial records with limited guardrails.

Review before installing. Use a dedicated least-privilege PerfexCRM API key, prefer a sandbox first, avoid delete and broad write permissions unless needed, rotate the key, and require explicit human confirmation before creating, updating, deleting, sending ticket replies, touching payments, or modifying staff/customer records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill advertises broad natural-language control over an entire CRM across many resources without clearly constraining when actions should be read-only versus state-changing. In an agent setting, this increases the chance that ambiguous user requests are translated into unintended create, update, or delete operations against sensitive business records.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The examples prominently show write operations such as customer creation and later updates/replies/assignments, but there is no strong warning near those examples that they modify live CRM data. In conversational-agent use, users or downstream tooling may copy these patterns directly, causing accidental changes to production customers, invoices, tickets, or projects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal