cs-autoresponder

Security checks across malware telemetry and agentic risk

Overview

This is a coherent customer-service autoresponder skill, with expected privacy and operational risks to manage before connecting real channels.

Installing the current mock skill is reasonable. Before production use, test automatic replies in a sandbox, keep logs in a dedicated protected directory, redact or avoid storing sensitive customer content, set an explicit retention policy, review any third-party LLM or messaging provider data-sharing obligations, and replace commented shell examples with safer scoped APIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly describes logging channel, user, message, response, FAQ ID, and score, which creates a clear risk of storing customer identifiers and message content that may contain personal or sensitive information. In a customer-service autoresponder context, this data handling is directly tied to real user communications, so inadequate disclosure, minimization, and retention controls can lead to privacy violations and unnecessary exposure.

Missing User Warnings

High
Confidence: 97%
Finding
The production guidance recommends sending full customer inquiry content to third-party LLM APIs for matching without any warning about external data transfer, consent, retention, or contractual controls. Because this skill processes customer-service messages, those inquiries may contain personal data, complaints, order details, or other sensitive business information, making unvetted transmission to external AI providers a significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill says all CS conversations are logged daily, and later examples show storage of raw messages plus user identifiers such as usernames and phone numbers. Without a clear retention notice, minimization policy, and operator warning, users may unknowingly retain personal data and sensitive customer communications, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script forwards raw customer message content and identifiers into escalation notifications sent to external channels such as Discord or Kakao without any minimization, redaction, or consent checks. In a customer service context, user messages may contain personal, financial, or sensitive complaint data, so copying them to third-party messaging systems increases privacy exposure and expands the data-sharing surface.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code prints raw incoming customer messages and user identifiers directly to stdout, which commonly ends up in process logs, terminal history, or centralized log collectors. In a customer-service context, those messages may contain personal data, credentials, order details, or complaints, so exposing them in logs increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The logger persists full message content, user identifiers, generated responses, and metadata, creating a durable record of customer communications. Persistent storage materially increases risk compared with transient processing because sensitive data may be retained longer than necessary and exposed through log access, backup systems, or downstream analytics.

Missing User Warnings

Medium
Confidence: 90%
Finding
The escalation path forwards the user's identifier and full message text to another component without any visible data-minimization, sanitization, or disclosure controls in this file. In a support workflow this may be functionally necessary, but it still expands the trust boundary and can leak sensitive customer data to additional systems or staff.

Ssd 3

Medium
Confidence: 96%
Finding
A blanket instruction to log all customer conversations encourages collection of potentially sensitive personal data, complaints, and business communications by default. If logs are accessed by unauthorized parties, mishandled, or retained too long, this can expose customer identities and message contents and expand breach impact.

Ssd 3

Medium
Confidence: 98%
Finding
The directory structure and JSONL examples explicitly prescribe storing raw conversation messages together with direct identifiers like Instagram handles and phone numbers. This creates a concrete privacy and security risk because leaked or over-retained logs would expose customer PII and message content at scale, and the examples normalize unsafe storage practices.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal