HubSpot
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: hubspot
Version: 1.0.1
The skill bundle provides a legitimate integration with the HubSpot CRM and CMS API. All `curl` commands target the official `https://api.hubapi.com` domain and use the `HUBSPOT_ACCESS_TOKEN` as expected for authentication. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to subvert its intended behavior. The use of `curl` and `jq` is standard for API interaction, and while placeholders like `{contactId}` could present a shell injection vulnerability if the agent's execution environment does not properly sanitize user input, this is a platform-level vulnerability rather than malicious intent within the skill's content itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could create or update HubSpot contacts, deals, owners, or associations if given the needed token and IDs.
The skill documents direct API calls that can create or modify HubSpot CRM objects. This is aligned with the HubSpot integration purpose, but it is still a user-visible capability because mistaken execution could change business records.
curl -s -X POST ... "https://api.hubapi.com/crm/v3/objects/deals" | jq ...
curl -s -X PATCH ... "https://api.hubapi.com/crm/v3/objects/contacts/{contactId}" | jq
Use the mutating commands only after confirming the target record and desired changes; test with non-production data when possible.
Anyone or any agent process with this token can act within the HubSpot permissions granted to that private app.
The skill requires a HubSpot private app token, which is expected for HubSpot API access. The artifacts do not show token logging, hardcoding of a real token, or transmission to unrelated endpoints.
Set your HubSpot Private App access token: HUBSPOT_ACCESS_TOKEN=pat-na2-xxxxx ... Authorization header: Bearer $HUBSPOT_ACCESS_TOKEN
Create a dedicated HubSpot private app token with only the scopes needed, avoid sharing it in prompts or logs, and rotate it if exposed.
