ClawHub

Lead Enrichment Pipeline

Security checks across malware telemetry and agentic risk

Overview

This lead-capture skill is mostly transparent about what it does, but its public webhooks can write to Google Sheets and send emails with too little built-in abuse control.

Review before installing. Use dedicated least-privilege Google Sheets and SMTP credentials, add webhook secrets or signature checks, validate email and field lengths, add real edge rate limiting or bot protection, and make sure your forms disclose collection, use, sharing, and retention of lead data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to ingest, store, deduplicate, score, and email lead records containing personal data such as names, email addresses, phone numbers, and company information, but it does not prominently warn users that it handles and redistributes personal data. This increases the risk of accidental privacy non-compliance, unsafe deployment, and inappropriate use of production PII in testing or forwarding workflows.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The webhook collects personal data, including email address and possibly diagnostic result fields, then stores them in Google Sheets without any visible consent, notice, or minimization controls in the workflow. This creates privacy and compliance risk because submitted data may be retained and repurposed without clear user awareness or limitations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The workflow exposes a publicly reachable POST webhook endpoint for lead creation with no visible authentication, signature verification, IP restriction, or abuse controls. An attacker could submit arbitrary data to poison the lead database, trigger unsolicited notification emails, and create spam or operational noise.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The webhook exposes a generic unauthenticated POST endpoint at /newsletter, allowing any internet client to submit arbitrary payloads. Although a basic rate limiter exists, it relies on spoofable proxy headers and does not provide authentication, origin validation, or bot protection, so the endpoint can be abused for spam signups, sheet pollution, and unwanted email generation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal