Revops

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only RevOps guidance skill with expected CRM and automation playbooks, but users should review privacy and data-sharing choices before implementing its examples.

Safe to install for RevOps planning. Before implementing the automation recipes, confirm which lead/customer fields may be shared, use private authorized channels, avoid unnecessary behavioral details, and review consent, vendor, retention, and audit requirements for your organization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (88% confidence)
Finding:
The eval explicitly rewards triggering the skill on vague, casual phrasing ('our pipeline is a mess') without also requiring disambiguation or scope checks. In a routing system, this can cause over-broad activation of the RevOps skill for loosely related business problems, increasing misrouting risk and potentially producing authoritative but off-target operational guidance.

Missing User Warnings

Medium (88% confidence)
Finding:
The playbook explicitly routes lead context through internal email and Slack without any privacy guardrails, data-minimization guidance, or role-based access considerations. In a RevOps skill, this is contextually plausible operational advice, but it still increases the risk of unnecessary exposure of personal or commercially sensitive data across collaboration tools.

Missing User Warnings

Medium (92% confidence)
Finding:
The recipe recommends sharing recent page views, content downloads, and engagement activity in notifications and digests, which are behavioral data that may be privacy-sensitive and reveal user interests or intent. Even though this is common in sales automation, distributing such activity broadly without minimization or notice can create internal overexposure and compliance risk.

Missing User Warnings

Medium (95% confidence)
Finding:
These cross-tool automations propagate enriched lead and customer data across multiple third-party systems including CRM, Slack, ad platforms, analytics, and customer-success tools, significantly expanding the data-sharing surface. Without warnings about downstream processing, vendor controls, consent, or data classification, the playbook could lead users to implement broad data flows that create material privacy, confidentiality, and compliance exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
