Freshsales

Security checks across malware telemetry and agentic risk

Overview

This Freshsales skill is not deceptive, but it gives an agent broad live CRM write/delete and raw API authority without clear confirmation guardrails.

Install only if you intend to let an agent operate on a live Freshsales account. Use least-privilege Freshsales/Membrane permissions where possible, review the connection scopes, and require explicit approval before creates, updates, deletes, bulk changes, workflow changes, or raw proxy API requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description is broad enough to match many generic CRM or sales-related requests, which can cause the agent to invoke a high-privilege integration without sufficiently clear user intent. In this context, overbroad routing is risky because the skill supports reading, creating, updating, deleting records, and proxying arbitrary API requests to an external SaaS.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation advertises create, update, and delete capabilities but provides no warning, confirmation requirement, or safety guidance for destructive operations. This increases the chance that an agent will perform irreversible changes to CRM data based on ambiguous, mistaken, or adversarial prompts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The proxy request feature enables direct transmission of arbitrary data to the Freshsales API through Membrane, but the skill does not warn that user data will be sent to an external service or that raw requests may bypass safer prebuilt actions. In this context, that expands the attack surface to unintended exfiltration, unsafe writes, and access to endpoints not covered by curated actions.

VirusTotal

65/65 vendors flagged this skill as clean.
