bigin-crm-skill

Security checks across malware telemetry and agentic risk

Overview

This is a real Bigin CRM integration, but it can broadly read, change, delete, and automate CRM records with limited built-in safeguards.

Install only if you are comfortable granting broad Bigin CRM access. Start in a sandbox or with the least-privilege OAuth app you can use, avoid enabling DEBUG, review reports before sharing them, and do not run bulk updates, delete commands, or sample automation workflows against production until you have dry-run, approval, and recovery procedures in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module includes a debug logging facility and accompanying framing that does not warn against logging secrets, while other methods later pass full request headers into that logger. If DEBUG is enabled in production or troubleshooting, the OAuth Authorization header can be written to stderr and exposed through logs, consoles, or monitoring systems.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The activity_report API advertises user- and week-scoped reporting, but the implementation ignores both filters and fetches up to 200 calls, tasks, and events globally. This can cause unauthorized over-collection and disclosure of CRM activity data to callers who reasonably expect a restricted report, increasing privacy and access-control risk in a reporting tool.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly describes an automated workflow that ingests email data, creates or updates CRM contacts and companies, opens pipeline entries, assigns owners, creates tasks, and sends replies without any stated confirmation, audit prompt, or warning about external data transmission. In a CRM context, this can cause unintended data creation, privacy issues, and integrity problems from mis-parsed emails or overly broad automation triggers.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes automation and bulk-update examples that can mass-modify pipeline stages, auto-assign ownership, and advance deals based on criteria, but it does not mention safeguards, previews, rollback, or warnings about irreversible CRM changes. In sales systems, these actions can disrupt ownership, forecasting, reporting, and customer workflows at scale if triggered incorrectly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The workflow is explicitly designed to make automatic, user-impacting CRM changes, including advancing stages and auto-closing opportunities, but the manifest description does not clearly warn users that records may be changed without manual review. In this context, that omission increases the risk of unintended business actions, mistaken closures, and operator surprise, especially because dry_run is disabled and some rules do not require approval.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The daily summary sends pipeline details to a configured email recipient, but the manifest text does not clearly disclose that potentially sensitive sales data will be distributed by email. While the recipient shown appears internal, email-based sharing broadens exposure and can create privacy or confidentiality issues if recipients are misconfigured or messages are forwarded.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code persists OAuth access and refresh tokens to disk in a predictable location under the user's home directory without any explicit user-facing notice or consent flow. Although file permissions are restricted to 0600, these tokens are long-lived credentials and local persistence increases exposure if the host is shared, compromised, backed up insecurely, or inspected by other software running as the same user.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code automatically updates CRM ownership records for unassigned pipelines without any interactive confirmation, dry-run mode, or explicit safeguard in the execution path. In an automation skill that can perform remote writes, this increases the risk of unintended bulk reassignment from operator error, bad inputs, or accidental invocation, which can disrupt sales workflows and accountability.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This path creates CRM tasks as a remote write operation immediately once invoked, with no confirmation, preview, or guardrail beyond the command-line flag. In business automation context, accidental task generation at scale can create operational noise, duplicate tasks, and workflow disruption across many records.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The automation advances pipeline stages through a remote state-changing API call without any user-facing warning, approval step, or simulation mode. Because stage transitions can affect forecasting, reporting, downstream automations, and customer handling, an incorrect or overly broad run could materially alter CRM data integrity.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This code logs self.headers during API requests, and self.headers contains the OAuth access token in the Authorization header. When debug mode is enabled, anyone with access to stderr or collected logs could reuse the token to access or modify CRM data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The CLI exposes a destructive delete command that immediately deletes a company record based solely on the provided ID, with no confirmation prompt, dry-run mode, or safeguard against accidental invocation. In an agent or automation context, this increases the likelihood of unintended data loss from user error, prompt confusion, or mis-targeted IDs, especially because CRM data is business-critical and deletions may be irreversible or hard to recover.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI exposes a bulk-update operation that can advance many CRM pipeline records in one run without any interactive confirmation, dry-run preview, or safeguard against accidental misuse. In a sales/CRM context, stage transitions can trigger business workflows, reporting changes, and customer-facing processes, so an unintended invocation can cause widespread irreversible state changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The activity report includes raw call, task, and event objects in the details field, which may expose sensitive CRM content such as customer interactions, meeting details, and internal task metadata. In a CLI/reporting context, dumping full records to stdout or downstream consumers expands data exposure beyond what is necessary for summary analytics.

VirusTotal

53/53 vendors flagged this skill as clean.
