zoho-support-claw

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it sends and stores potentially sensitive support-ticket content without enough scoping, redaction, or retention guidance.

Review before installing in any real support environment. Use least-privilege Zoho credentials, restrict file access to .env and data/embeddings.json, confirm your organization permits sending ticket data to OpenAI, redact secrets and regulated data before ingestion, add retention/deletion controls, and upgrade or pin dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states that the skill ingests historical support tickets, stores embeddings locally, and sends ticket content to OpenAI for analysis and draft generation, but it does not warn operators about handling potentially sensitive customer data, retention, access control, or third-party transfer. In a support-desk context, tickets commonly contain PII, credentials, account details, or confidential business information, so omission of clear privacy and data-handling guidance can lead to unsafe deployment and unintended disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends closed-ticket text, which includes subject, description, and resolution, to an embeddings component and stores requester metadata alongside the vectors without any visible minimization, consent, or boundary checks in this file. If the embeddings backend is external or logs inputs, historical support data and contact-related information could be exposed or processed in ways users did not expect.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code sends live open-ticket subject and description content to the embeddings service to build a query vector, again with no visible redaction or disclosure controls. Open support tickets often contain sensitive operational, personal, or security information, so forwarding them to a third-party model provider can create confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The reply-generation step sends the full ticket object together with retrieved historical ticket context to another component that may rely on an external model or service. This compounds exposure by mixing current customer data with prior ticket contents, increasing the chance of sensitive-data leakage, over-sharing, or unintended model retention across multiple users' support records.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function sends raw ticket subject, description, and contextual data to the OpenAI API, which is an external third-party service. Support tickets often contain personal, confidential, or regulated information, so transmitting them off-platform without any visible minimization, consent flow, redaction, or disclosure creates a real data exposure and privacy/compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.4.0",
    "dotenv": "^16.0.0",
    "openai": "^4.0.0",
    "pino": "^8.0.0"
Confidence
92% confidence
Finding
"axios": "^1.4.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "axios": "^1.4.0",
    "dotenv": "^16.0.0",
    "openai": "^4.0.0",
    "pino": "^8.0.0"
  }
Confidence
90% confidence
Finding
"dotenv": "^16.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.4.0",
    "dotenv": "^16.0.0",
    "openai": "^4.0.0",
    "pino": "^8.0.0"
  }
}
Confidence
91% confidence
Finding
"openai": "^4.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"axios": "^1.4.0",
    "dotenv": "^16.0.0",
    "openai": "^4.0.0",
    "pino": "^8.0.0"
  }
}
Confidence
89% confidence
Finding
"pino": "^8.0.0"

Known Vulnerable Dependency: axios==1.4.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.4.0

VirusTotal

66/66 vendors flagged this skill as clean.
