企服客户管理 (Enterprise Service Customer Management)

Security checks across malware telemetry and agentic risk

Overview

This customer-management skill is coherent, but it handles real customer records and includes an embedded WeCom webhook plus scheduled outbound risk-report pushing without enough consent or data-control boundaries.

Review before installing. Use only in an authorized business environment, remove and rotate the exposed WeCom webhook, keep local-only mode as the default, and require explicit approval plus redaction before sending tenant, contact, payment, or risk data to WeCom or Tencent Docs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The skill documentation includes optional pushing to WeCom groups and generating Tencent Docs, which introduces outbound data-sharing capabilities on top of local Excel processing. Because the workbook contains real customer data and the feature is only loosely described, operators may unknowingly transmit sensitive tenant and risk information to external systems without proper authorization or minimization.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The configuration hardcodes a WeCom webhook URL, enabling direct outbound delivery of customer-related reports to an external messaging endpoint. Embedding a live webhook in skill documentation/config creates a real exfiltration path for sensitive business and tenant data and also risks unauthorized use of the webhook itself if the file is shared or committed.

Missing User Warnings

Severity: High
Confidence: 93%
Finding
The skill describes automated generation and push of customer risk reports to enterprise messaging channels, but it does not provide an explicit user-facing warning that sensitive customer data may leave the local workbook environment. In this context, the data includes real tenant identities, contact details, payment status, and risk classifications, making silent external dissemination particularly dangerous.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The configuration both exposes a specific external WeCom webhook and lacks any clear warning that customer data may be transmitted over the network. Given the skill processes real business records from Excel, this creates a direct and non-transparent channel for sensitive data disclosure outside the local system boundary.

VirusTotal

64/64 vendors flagged this skill as clean.
