raai-price-probe-noprice-20260421

Security checks across malware telemetry and agentic risk

Overview

This is a coherent customer-support automation skill, but it needs review because it can process customer data and update or message support systems without clear privacy and approval boundaries.

Review carefully before connecting real systems. Use test data and least-privilege credentials first, disable automatic CRM writes, refunds, and outbound customer messages until a human-approval flow is configured, add redaction and retention rules for customer data, and fix the missing .env.example/setup mismatch before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium (85% confidence)
Finding
The README explicitly instructs users to populate business configuration fields such as company details and an escalation manager's Telegram contact, while the product also processes support tickets, client histories, LTV, refunds, and sentiment. That creates a clear path for handling personal and potentially sensitive customer or employee data without any privacy notice, data classification guidance, retention limits, or safe-handling requirements, increasing the risk of accidental exposure or non-compliant deployment.

Vague Triggers

Medium (92% confidence)
Finding
The trigger list contains very broad phrases like "тикет", "helpdesk", "customer support", and "возврат денег", which can match ordinary conversation and cause the skill to activate outside a clearly intended scope. In a support automation skill that can read CRM context and generate escalations, over-triggering increases the chance of unintended access, processing, or disclosure of customer data.

Vague Triggers

Medium (90% confidence)
Finding
The statement that categorization applies to "any incoming customer message" is an ambiguous activation rule that effectively authorizes processing of all inbound content without a clear consent or scope boundary. Because the skill also performs sentiment analysis, routing, escalation, and logging, this broad condition can sweep in sensitive messages that were not meant for automated handling.

Missing User Warnings

Medium (95% confidence)
Finding
The skill is designed to handle CRM integrations, customer histories, escalations, analytics, and reporting, but it does not prominently warn that personal data will be collected, summarized, and propagated across multiple systems. This omission creates a real privacy and compliance risk because operators or deployers may enable the skill without understanding the extent of data movement and retention.

Ssd 3

Medium (97% confidence)
Finding
The escalation template instructs the system to include full client identity, contact details, LTV, support history, direct quotations, and recommended actions in natural-language handoff messages. This creates a high-risk data exposure pattern because sensitive customer information is replicated into chat, email, or messaging channels that may have broader access controls than the source CRM.

Ssd 3

Medium (98% confidence)
Finding
The client card and reporting instructions mandate persistent storage and broad summarization of contacts, financial metrics, ticket history, sentiment-style labels, and operator notes. In context, this is more dangerous because the skill is explicitly designed to centralize support operations and analytics, so over-collection and unrestricted summarization can amplify privacy breaches, insider misuse, and regulatory noncompliance.

VirusTotal

64/64 vendors flagged this skill as clean.