ClawHub

Brevo

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Brevo integration, but it gives an agent broad authenticated ability to read, change, delete, and directly call CRM API endpoints without clear confirmation safeguards.

Install only if you want an agent to operate on Brevo business data through Membrane. Prefer the listed prebuilt actions, confirm the exact account and record before any create/update/delete, and require explicit approval before any proxy request using POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description is broad enough that an agent may invoke this skill for many CRM- or marketing-related tasks without strong user intent verification. Because the skill includes both read and write capabilities over contacts, deals, companies, tasks, lists, and proxy requests, accidental activation could lead to unintended data access or modification.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation lists create, update, and delete actions but does not clearly warn that these operations can permanently alter or remove Brevo data. In an agent setting, missing guardrails around destructive actions increases the chance of unintended writes or deletions, especially when actions are selected from natural-language intent matching.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The proxy request feature enables arbitrary API requests through an authenticated connection, which can bypass the safer constraints of prebuilt actions. Without a prominent warning, an agent may send sensitive data, hit dangerous endpoints, or perform broad write operations with less validation and transparency than standard actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal