ClawHub

Hubspot Crm

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate HubSpot CRM helper, but it gives an agent live customer-record write/delete authority and lists external automation webhooks without enough scoping or approval guidance.

Install only if you control the USC SYNERGY HubSpot account and can provide a least-privilege HubSpot token. Require explicit confirmation before any create, update, association, note/task creation, stage change, or archive action. Do not enable or invoke the n8n webhook flows until the destination, payload contents, consent, retention, and access controls are approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill is presented as a HubSpot CRM management skill but also documents external n8n webhooks for cross-system synchronization and WhatsApp enrichment. This expands the data flow beyond the stated scope and creates a risk that customer PII from HubSpot or conversations could be forwarded to additional systems without clear authorization, validation, or data-handling controls.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The webhook integrations are not justified by the core HubSpot-only CRM functionality and introduce hidden coupling to external services. In a CRM context handling contact records, sync and enrichment endpoints materially increase exposure of personal and commercial data if invoked improperly or later activated without review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
These commands create and modify contacts and deals but do not consistently warn that they will persist changes to live customer CRM data. In an agent skill, omission of mutation warnings increases the chance of unintended writes, corrupting records, changing pipeline state, or creating inaccurate sales data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The note and task commands persist free-form internal content into HubSpot records, yet the skill does not warn that conversation context, internal notes, or sensitive operational details may be stored permanently. This creates a risk of over-sharing sensitive data, leaking internal reasoning, or saving inappropriate content into customer-visible or retained business systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal