ClawHub

Lead Scoring

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate lead-scoring guide with a local CSV scoring script, but users should treat CRM tokens and exported contact data carefully.

Install only if you intend to configure lead scoring or process CRM exports. Use a sandbox first, provide the narrowest possible HubSpot or Salesforce token, review workflows before enabling them, and handle exported or scored CSV files as sensitive customer/contact data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The manifest and description repeatedly present the skill as 'instruction-only,' but the static finding indicates operational behavior such as ingesting CSV exports, computing scores, and writing output files. That mismatch is dangerous because users may grant sensitive CRM data or approve execution under false assumptions about passive documentation, increasing the chance of unauthorized processing of customer data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
An 'instruction-only' skill should not require live HubSpot or Salesforce API credentials for active configuration. This discrepancy can mislead users into exposing privileged CRM tokens to a skill they believe is merely explanatory, creating unnecessary risk of tenant-wide data access or modification.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Collecting HubSpot or Salesforce access tokens is unjustified when the visible skill content is documentation and setup guidance. Unnecessary credential collection violates least privilege and creates a direct path to sensitive CRM data exposure, account manipulation, or downstream misuse if tokens are mishandled.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation language is broad enough to trigger on many normal CRM, scoring, qualification, or automation requests without clear boundaries. Over-broad routing is risky here because the skill also advertises sensitive CRM credential use, so accidental invocation could expose users to unnecessary token requests or unintended data-handling flows.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill requests CRM access tokens but provides no warning about credential sensitivity, token scope, storage, or the breadth of customer data accessible through those credentials. In the CRM context this is especially dangerous because these tokens may permit access to lead records, contact data, workflows, and account configuration without the user appreciating the security consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to collect and score website activity, form submissions, and email engagement data, but it never mentions obtaining valid consent, honoring opt-out preferences, or checking applicable privacy requirements before behavioral tracking. In a CRM automation skill, this omission is material because users may implement surveillance-style lead scoring that violates internal policy or privacy regulations, especially when email opens/clicks and page visits are used for qualification decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal