Crisp Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Crisp support skill, but it gives the agent real access to read and change live customer conversations.

Install only if you intend to let the agent access your Crisp inbox with a read/write plugin token. Use the narrowest Crisp scopes that still support your workflow, keep the token in a trusted environment, and require explicit human approval before sending customer replies or changing conversation state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill clearly requires access to environment variables containing Crisp credentials and makes authenticated network calls to the Crisp API, yet it declares no explicit permissions. This creates a permission-model gap: the skill can access secrets and external services without transparent scoping, which increases the risk of unintended data exposure or over-privileged execution if the surrounding platform relies on declared permissions for enforcement or review.

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding: The undocumented 'websites' command expands the tool's capabilities beyond the declared support-inbox operations and prints raw API response structures. That creates unnecessary data exposure risk because operators or downstream agents may invoke a hidden command that reveals account metadata or conversation structures not needed for normal support workflows.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README explicitly enables reading customer inboxes, searching conversation history, and sending replies in a live support system, but it does not warn about handling sensitive personal data, access control, auditability, or the risk of unintended modifications to production conversations. In an agent skill context, this omission is security-relevant because it normalizes high-impact operations without guardrails, increasing the chance of privacy violations, accidental data exposure, or unauthorized customer messaging.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding: The skill performs state-changing actions like marking conversations read or resolved immediately, without any confirmation, dry-run mode, or guardrails. In an agent-driven setting, that increases the chance of unintended operational changes that could hide unread tickets or prematurely close customer issues.

VirusTotal

66/66 vendors flagged this skill as clean.