ClawHub
Back to skill

Security audit

Customer.io

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Customer.io connector, but it mislabels several account-changing actions as safe read-only operations, which could lead to unintended changes in a live Customer.io workspace.

Review this skill carefully before installing, especially for production Customer.io workspaces. Treat identify, suppress, unsuppress, merge, delete, and event-tracking actions as write operations that need explicit confirmation and payload review, even when the skill text does not tag them that way.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The safety section says untagged actions are read-only, but the listed untagged actions include state-changing operations such as identify_customer, suppress_customer, track_anonymous_event, track_customer_event, and unsuppress_customer. This can mislead an agent into executing writes or suppressions without confirmation, increasing the risk of unauthorized data modification, event injection, or account state changes in a live Customer.io workspace.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger description instructs use of this skill for ANY Customer.io request, which is overly broad and may cause the agent to invoke the skill for loosely related tasks without sufficient narrowing or user-intent validation. In a skill that supports destructive and write-capable actions, overbroad invocation increases the chance of unintended operations being routed through a powerful connector.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal