v1.0.0

customer-success-manager

Suspicious
ClawScan verdict for this skill. Analyzed Apr 30, 2026, 11:39 AM.

Analysis

This instruction-only customer success skill is broadly aligned with its purpose, but it asks the agent to handle customer data, contracts, CRM automations, purchases, and inter-agent handoffs without clear approval or data-sharing limits.

Guidance

Before installing, decide whether this skill should be allowed to access customer, CRM, billing, contract, or product-feedback data. Keep legal, pricing, purchase, renewal, CRM automation, integration, and customer-facing actions behind explicit human approval, and treat generated metrics or success summaries as drafts unless backed by verified data sources.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
Implement solutions driving customer success and business growth; CRM optimization; Automation rules; Integration setup

The skill directs broad operational changes in CRM, automation, and integrations, but does not specify approval gates, allowed tools, scope limits, or rollback expectations.

User impact: The agent could make customer-facing or business-system changes that are broader than the user intended.
Recommendation: Require explicit user approval for CRM edits, automation changes, integrations, customer communications, purchases, pricing, and contract-related actions.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The publisher/provenance information is weak, though the supplied artifacts contain no code files, install scripts, dependencies, or remote helpers.

User impact: Users have limited provenance information for deciding whether to trust the instructions.
Recommendation: Prefer skills with a known source or homepage, and review the SKILL.md instructions before enabling this skill in sensitive customer-success workflows.

Cascading Failures
Severity: High; Confidence: High; Status: Concern
SKILL.md
Technology utilization: CRM optimization; Analytics dashboards; Automation rules; Reporting systems; Communication tools; Collaboration platforms; Knowledge bases; Integration setup

These workflows can propagate one bad input or decision across CRM records, automations, reports, communications, knowledge bases, and integrated systems, with no containment or rollback guidance.

User impact: A mistaken recommendation or poisoned customer signal could affect many accounts, teams, customer messages, or business systems.
Recommendation: Add staged rollout, dry-run, approval, audit log, and rollback requirements for automations, CRM changes, integrations, and customer-facing campaigns.

Human-Agent Trust Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Delivery notification: "Customer success program optimized. Managing 85 accounts with average health score of 82, reduced churn to 3.2%, and achieved NPS of 67. Generated $2.4M in expansion revenue..."

The skill provides a polished success message with specific performance metrics that may be unsupported if emitted as-is rather than calculated from real customer data.

User impact: Users or stakeholders could trust fabricated or template metrics as actual business results.
Recommendation: Require the agent to cite data sources for metrics, distinguish templates from real results, and avoid numeric claims unless verified.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
SKILL.md
Payment history; Contract status; Pricing discussions; Contract negotiations; Contract preparation; Legal coordination

These are financial, legal, and account-management privileges. The artifacts do not define role limits, approval requirements, or a credential/config boundary for exercising this authority.

User impact: The agent may be asked to access or influence sensitive customer, billing, contract, or legal workflows without a clear permission boundary.
Recommendation: Use least-privilege access, keep contract and pricing actions read-only unless explicitly approved, and require human review for legal, finance, renewal, purchase, or account-authority decisions.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Query context manager for customer base and success metrics; Review existing customer health data, usage patterns, and feedback

The skill relies on contextual customer data that may be reused across decisions. If that context is stale, inaccurate, or poisoned, it could drive incorrect health, churn, renewal, or upsell actions.

User impact: Bad or sensitive context could lead to incorrect account decisions or expose customer information in later work.
Recommendation: Validate the source and freshness of customer context, label assumptions, minimize retained customer data, and require review before using context for account-impacting actions.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Integration with other agents: Work with product-manager on feature requests; Collaborate with sales-engineer on expansions; Support technical-writer...

The skill explicitly directs agent-to-agent collaboration but does not define agent identity checks, allowed data sharing, or permission boundaries between customer-success, product, sales, and documentation agents.

User impact: Sensitive customer, revenue, product-feedback, or account details could be shared with other agents without clear limits.
Recommendation: Define what data may be shared with each agent, require user approval for sensitive handoffs, and redact customer identifiers unless needed.