Security audit

Ai Support Pro

Security checks across malware telemetry and agentic risk

Overview

This is a real customer-support automation skill, but it should be reviewed carefully because it can process customer records, trigger customer-facing actions, update CRM data, and approve small returns without clear approval safeguards.

Install only after reviewing the scripts and credential needs. Use sandbox or dry-run workflows first, grant least-privilege CRM and bot tokens, disable CRM writes and refund automation until policies are confirmed, and require human approval before sending customer messages, approving refunds, closing tickets, or updating customer records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very broad phrases like "тикет", "helpdesk", and "customer support" that are likely to match ordinary conversation and unintentionally activate the skill. In a skill that can create tickets, query CRM data, and send notifications, accidental activation can expose customer data or cause unintended operational actions.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The module is configured to trigger on any incoming customer message, which effectively removes meaningful scoping and can cause autonomous processing of all inbound communications. Because later modules include categorization, escalation, CRM lookups, and reporting, this broad activation increases the chance of privacy violations and unintended ticket lifecycle changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description markets CRM integration and automated support handling but does not warn users that it may process sensitive customer, financial, and behavioral data. This creates a transparency and consent gap, making misuse and overcollection more likely in production environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill defines automated routing, ticket creation, and outbound escalation behavior without clear warnings that these are active operational side effects. Users may enable the skill expecting passive assistance, while it can actually notify staff, alter queues, and change records automatically.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list contains generic phrases like "Set up ticket management" and "Automate our support" that can overlap with ordinary user requests in many support or operations contexts. This can cause unintended skill activation, routing confusion, or overshadowing of more appropriate skills, but it does not by itself introduce code execution, data exfiltration, or privilege escalation behavior.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The installer writes into a default path under the user's home directory and immediately copies multiple files there without any confirmation prompt or dry-run step. While this is common installer behavior and not inherently malicious, it can unexpectedly modify the user's environment, and the user may not have a clear picture of what is being installed, especially when the script is run directly from an untrusted source.

Ssd 3

Medium
Confidence
95% confidence
Finding
The escalation template instructs copying contact details, LTV, history, verbatim quotes, and case summaries into natural-language handoff messages. This broad replication of customer data across channels and personnel materially increases the risk of unnecessary disclosure, oversharing, and leakage through chat logs, notifications, or downstream systems.

Ssd 3

Medium
Confidence
96% confidence
Finding
The CRM card template centralizes extensive personal, financial, support, and behavioral metadata in plain language, including tags such as VIP or frequent anger and detailed operator notes. Persisting and displaying this breadth of sensitive profiling data increases exposure in the event of unauthorized access, excessive internal sharing, or logging into less-protected systems.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# TONE-OF-VOICE
# ═══════════════════════════════════════════════════
tone:
  default: "дружелюбный деловой"
  on_negative_sentiment: "спокойный эмпатичный"
  on_vip: "персональный профессиональный"
  on_legal_threat: "нейтральный официальный"
  address_form: "вы"
  use_emoji: false
  response_length: "medium"
# ═══════════════════════════════════════════════════
# RETURNS
# ═══════════════════════════════════════════════════
returns:
  return_policy_days: 14
  return_processing_days: "5-7 рабочих"
  auto_approve_return_under_rub: 1000
  requires_reason_code: true
# ═══════════════════════════════════════════════════
# CRM INTEGRATION (optional)
# ═══════════════════════════════════════════════════
crm:
  enabled: false
  type: "bitrix24"   # bitrix24 / amocrm / hubspot / freshdesk / zendesk
  api_url: ""
  api_key: ""
  auto_create_ticket: true
  auto_update_client_card: true
  required_fields:
    - "client_id"
    - "ticket_category"
    - "priority"
    - "channel"
    - "status"
# ═══════════════════════════════════════════════════
# QUALITY AND NPS/CSAT
Confidence
84% confidence
Finding
auto_approve

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.