Hubspot Suite

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate HubSpot helper suite, but it gives broad CRM and automation control with weak safeguards around bulk and destructive actions.

Install only if you intentionally want an agent to help administer HubSpot. Use a dedicated least-privilege HubSpot token, prefer read-only scopes for reports, test in a sandbox first, and require manual approval before imports, exports, merges, deletes, workflow changes, schema changes, or bulk updates. Avoid DEBUG=1 with real customer data and protect any .env or CLI-authenticated credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (29)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill advertises and demonstrates network and shell capabilities but declares no explicit permissions, which weakens policy enforcement and informed consent. In a skill that can export CRM data and modify records, undeclared capabilities make it easier to invoke powerful operations without clear guardrails.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The invocation language is so broad that the skill may be selected for nearly any HubSpot-related request, including sensitive admin, export, and destructive workflows. Overbroad routing increases the chance that a high-privilege skill is invoked unnecessarily, exposing credentials and customer data to more situations than needed.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation includes workflows for bulk import/export, duplicate merging, activity logging, and reporting without privacy warnings, confirmation steps, or least-privilege guidance. In a CRM context, these actions can expose personal data, alter customer records, and trigger irreversible business changes if run casually or automatically.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document includes a direct company deletion example without any warning, confirmation guidance, or mention of archival/recovery implications. In an agent skill, this increases the chance that an LLM-driven workflow or user will execute irreversible destructive actions against production CRM data unintentionally.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The UI bulk operations section mentions bulk delete alongside other routine actions without emphasizing the higher risk of mass data loss. In a broad administrative skill intended for 'ANY HubSpot-related task,' normalizing bulk deletion without caution can lead to large-scale accidental record removal.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation includes a destructive DELETE/archive example against production contact records without any warning, confirmation guidance, or note about recovery constraints. In an agent skill context, users or downstream automation may copy these examples directly, causing unintended data loss or record state changes in live HubSpot environments.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The merge example performs an irreversible record consolidation that can alter associations, history visibility, and data integrity, yet the document gives no caution about consequences or validation steps. In a broad HubSpot administration skill, this increases the chance an agent or user executes the example on the wrong records and permanently corrupts CRM data quality.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document provides copy-pastable commands that create and modify live HubSpot deal records, including closing deals and batch updates, without any warning that these are state-changing operations. In an agent skill context, users may assume examples are safe to run for learning, which increases the risk of accidental production data alteration and business-process disruption.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The examples repeatedly use a bearer access token in authenticated requests but do not warn about secure credential handling, shell history exposure, logging, or transmission of sensitive CRM data to an external service. This omission can lead users or downstream agents to mishandle tokens or unknowingly send real customer and revenue data to HubSpot production endpoints.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation includes ready-to-run examples that create, update, and close live HubSpot tickets using a real bearer token, but it provides no warning that these are state-changing operations against production customer-support data. In a skill intended for broad operational use, this increases the chance that an agent or user will execute destructive actions on real records without confirmation or use of a sandbox.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The batch update example closes multiple tickets in one request and can materially alter support workflow, SLAs, reporting, and customer communications, yet it lacks any warning about bulk-impacting changes or verification of target IDs. Bulk destructive examples are more dangerous than single-record examples because mistakes scale immediately across multiple live support cases.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The documented cleanup_test_data workflow performs bulk deletion of CRM contacts based on a broad email token match and provides no explicit warning, dry-run mode, or confirmation gate in the surrounding documentation. In a production CRM context, this can cause irreversible or hard-to-recover data loss if operators copy and run it as-is, especially because many legitimate records may contain the token 'test'.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The normalize_all_phones example performs automated bulk PATCH updates against contact records without a clear warning that it modifies production CRM data. Although intended for data hygiene, mass updates can corrupt fields at scale if normalization logic is wrong, locale assumptions are invalid, or parsing of CSV output is imperfect.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The bulk name-standardization example updates many contact records automatically but lacks documentation warning users about automated record modification risks. Name casing transformations can overwrite intentionally formatted names and introduce widespread data integrity issues if applied indiscriminately.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation includes multiple create and update examples against live HubSpot CRM endpoints without any warning that these operations modify production customer records and can trigger workflows, notifications, task creation, list membership changes, and audit history updates. In an agent skill context, users or downstream automation may copy these examples directly, increasing the risk of unintended state changes in real tenant data.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The examples use a bearer access token in command lines but do not warn about secure credential handling, token scope minimization, shell history leakage, logging exposure, or avoiding hardcoding secrets. In practice, users often paste real tokens into terminal commands, CI logs, screenshots, or shared notes, which can expose CRM access to unauthorized parties.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This reference file provides bulk import, export, backup, and migration procedures for CRM records containing customer PII without any guardrails, authorization reminders, or warnings about handling sensitive data. In an agent skill context, documentation that normalizes large-scale data creation and extraction can enable accidental over-collection, unauthorized export, or destructive modifications if invoked without explicit user confirmation and scope checks.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document provides authenticated POST, PATCH, and DELETE examples that directly modify HubSpot CRM schema without prominent warnings about production impact, rollback limitations, or workflow/form/report dependencies. In an agent skill context, these examples can be operationalized against a live tenant, causing unintended schema changes, broken automations, and data loss from property deletion.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This documentation includes multiple state-changing examples that create workflows, enable automation, and enroll or unenroll contacts in live HubSpot systems without clearly warning that these commands modify production automation and customer records. In an agent-skill context, users or downstream agents may copy these examples directly, causing unintended workflow activation, email sends, task creation, or record changes at scale.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The webhook and CRM sync examples send contact data to external destinations and even show an Authorization header embedded in an outbound webhook example, but provide no warning about privacy, consent, data minimization, or third-party sharing. In a CRM/marketing automation skill, this can lead to unauthorized disclosure of personal or commercial data to external systems.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: When DEBUG=1, the script logs the full request payload via `log_debug "Data: $data"`. HubSpot API payloads commonly contain PII, customer content, or secrets embedded in JSON fields, so this can leak sensitive data into terminal logs, CI logs, or agent telemetry without any warning or redaction. In a HubSpot administration skill that handles CRM, marketing, service, and commerce data, the exposure risk is elevated because payloads may include highly sensitive business and customer records.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This script performs an irreversible HubSpot record merge immediately after receiving parameters, with no interactive confirmation, dry-run mode, or secondary safeguard. In a CRM administration context, a mistaken object type or record ID can permanently combine records and overwrite data relationships, making operator error materially harmful.

External Transmission

Medium

Category: Data Exfiltration
Content: local json_array=$(printf "%s," "${batch_data[@]}") json_array="[${json_array%,}]" response=$(curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/batch/create" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"inputs\": $json_array}")
Confidence: 90% confidence
Finding: curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/batch/create" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: [ -n "$after" ] && search_query="$search_query, \"after\": \"$after\"" search_query="$search_query }" response=$(curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/search" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d "$search_query")
Confidence: 88% confidence
Finding: curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/search" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -

External Transmission

Medium

Category: Data Exfiltration
Content: echo "Checking for existing records..." tail -n +2 "$csv_file" | while IFS=',' read -r email firstname lastname; do existing=$(curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/search" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d "{
Confidence: 91% confidence
Finding: curl -s -X POST "https://api.hubapi.com/crm/v3/objects/contacts/search" \ -H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal