OEE CRM Intelligence

Security checks across malware telemetry and agentic risk

Overview

This CRM filtering skill is purpose-aligned, but users should understand that AI scoring can send contact details to Anthropic and rejected contacts may be stored locally.

Install only if you are comfortable using Anthropic for CRM scoring. Use a dedicated API key, avoid processing highly sensitive contacts or subject lines unless you have permission to send them to a third-party model provider, and periodically inspect or reset `learning.json` so rejected contacts are not permanently filtered by mistake.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium (90% confidence)
Finding
The README states that Stage 2 uses Claude Haiku and requires an ANTHROPIC_API_KEY, but it does not clearly warn that contact attributes and message-derived signals may be sent to a third-party API for classification. In a CRM context, that can expose personal or business-sensitive relationship data to an external processor without informed user consent, creating privacy, compliance, and data-handling risk.

Vague Triggers

Medium (86% confidence)
Finding
The trigger phrases are generic and overlap with ordinary CRM- and outreach-related requests, which increases the chance that an agent invokes this skill unexpectedly. Because the skill can process contact data and perform external AI scoring, accidental activation could expose sensitive personal or business information and cause unintended filtering actions.

Missing User Warnings

Medium (91% confidence)
Finding
The skill states that it 'learns from your feedback' and references an auto-updated preferences file, but it does not clearly warn users that their interactions will persistently modify local state. Silent persistence can create privacy, integrity, and auditability problems, especially if contact-prioritization behavior changes over time without the user's informed consent.

Missing User Warnings

Medium (94% confidence)
Finding
The skill requires an external API key for AI scoring but does not warn that contact data or user-supplied context may be transmitted to a third-party service. In a CRM context, that data can include personal, confidential, or commercially sensitive information, so undisclosed external transmission materially raises privacy and compliance risk.

Missing User Warnings

Medium (92% confidence)
Finding
The code sends contact information, including email, name, subjects, reply status, and interaction history, to a third-party LLM service without any built-in notice, consent, minimization, or redaction. In a CRM context this is meaningfully risky because the data is likely personal or business-sensitive, and prompt content may leave the local trust boundary.

Ssd 3

Medium (90% confidence)
Finding
Untrusted contact fields are interpolated directly into the LLM prompt, so adversarial content in names or subject lines can influence model output and cause sensitive CRM text to be echoed back in the returned reasoning. Because that reasoning is later surfaced to the caller, this creates a data leakage and prompt-injection style risk within a workflow handling personal contact metadata.

VirusTotal

65/65 vendors flagged this skill as clean.