ClawHub

Heleni Personal CRM

Security checks across malware telemetry and agentic risk

Overview

This personal CRM skill is not clearly malicious, but it can repeatedly read calendar and CRM data, update monday.com records, and send private meeting notes over WhatsApp without enough scoping or approval controls.

Install only if this is your own monday.com board, calendar, Gmail context, and WhatsApp destination. Before enabling cron or morning briefings, replace raw credential-file access with scoped managed auth, verify the board and recipient, require approval for CRM writes and outbound messages, and redact Notes by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill sends pre-meeting briefings containing contact names, roles, notes, and interaction history over WhatsApp, which is outside the core CRM storage/update function described in the manifest. This expands data flows to an external messaging channel and increases the risk of unnecessary disclosure of personal or sensitive business information.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The invocation conditions are broad enough to trigger on ordinary conversation about contacts, meetings, or daily sync, which can cause the agent to access or update CRM data unexpectedly. In a skill that handles calendar-derived contact records and notes, over-broad triggering increases the chance of unintended processing or disclosure of personal information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill directs the agent to send CRM-derived meeting briefings via WhatsApp without warning the user that personal contact data, notes, and history will be transmitted through an external channel. This creates a clear data-disclosure path and may violate data-minimization or confidentiality expectations, especially for external contacts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description does not warn that the skill automatically accesses calendar data and uses it to create or update CRM records, despite describing daily automated sync behavior. Lack of notice reduces informed consent and can lead to silent collection and persistence of contact-related information.

Ssd 3

Medium
Confidence
95% confidence
Finding
The pre-meeting briefing flow explicitly instructs the agent to relay stored CRM notes, last-contact history, and role information through natural-language messages on WhatsApp. Because notes can contain sensitive personal or business context, this creates an easy exfiltration and oversharing path beyond the CRM system itself.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal