Security audit
Maverick Hubspot Mcp
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed HubSpot CRM connector that stores OAuth credentials locally and can read or update HubSpot data through HubSpot's hosted MCP server.
Install only if you trust this skill to act as your connected HubSpot account. Review the HubSpot OAuth grant, confirm write actions before they run, avoid passing unrelated sensitive data through HubSpot tool arguments, and revoke the integration in HubSpot when no longer needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.