Close

Security checks across malware telemetry and agentic risk

Overview

This Close CRM skill is not overtly malicious, but it gives an agent broad live CRM access, including raw API write/delete capability, without clear guardrails.

Install only if you trust Membrane and intend to let an agent access live Close CRM data. Use a least-privilege Close account where possible, review the Membrane connection, and require the agent to show the exact action or API request and get explicit approval before any create, update, or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The connection flow claims to be for Close, but the documented `membrane connection ensure ""` behavior can normalize arbitrary URLs/domains, create unknown app connections, and even build connectors automatically. That materially expands the trust boundary from a Close-specific skill into a generic external integration bootstrapper, which could be abused to reach unintended third-party systems.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The proxy request feature allows arbitrary direct API calls with caller-controlled method, headers, body, query, and path parameters. In a skill advertised for managing Close data, this bypasses higher-level action constraints and enables broad read/write/delete operations against the remote API, increasing the chance of destructive or unauthorized actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents create and update operations without emphasizing that they modify live CRM records. In an agent context, lack of explicit warnings or confirmation requirements can lead to unintended writes, data corruption, or business-impacting changes triggered by ambiguous user requests.

Missing User Warnings

High
Confidence: 95%
Finding
The proxy request section presents direct API access as a fallback but does not warn that it supports destructive methods including DELETE. In an autonomous or semi-autonomous agent workflow, omission of that warning makes accidental or unsafe destructive operations substantially more likely.

VirusTotal

63/63 vendors flagged this skill as clean.
