ClawHub

Lead Gen + CRM Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lead-generation tool, but it needs review because it can write to CRMs, send real outreach emails, and store credentials and contact data locally with limited safeguards.

Review before installing. Use scoped test API keys, keep the workspace out of shared or synced folders, treat exported leads as sensitive data, run dry-runs before any campaign, and require explicit human approval before CRM pushes or real email sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill describes capabilities that require network access, filesystem reads/writes, and likely environment/config access, yet it declares no permissions. This creates a transparency and governance gap: an agent or reviewer may invoke the skill without understanding that it can search the web, access API-backed services, persist lead data locally, and send CRM/outreach traffic. In a lead-gen/outreach context, undeclared capabilities are especially risky because they can touch sensitive contact data and trigger external actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented behavior does not reliably match the actual capability set: it omits some external integrations, advertises unsupported/partially supported CRM actions, and overstates automated follow-up behavior. This is dangerous because operators may approve or deploy the skill under false assumptions, leading to unintended data sharing with third parties, broken sales workflows, or accidental outreach behavior that bypasses expected review and compliance controls.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The 'use when' guidance is broad enough that an orchestrator could invoke this skill for loosely related sales, prospecting, or CRM tasks without the user intending web discovery, enrichment, CRM writes, or outreach preparation. In this context, overbroad triggering increases the chance of unnecessary collection/processing of business contact data and accidental initiation of state-changing workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide includes plaintext examples for API keys and access tokens in configuration without any warning to use secrets management, environment variables, or restricted file permissions. In a lead-gen/CRM automation skill, users are likely to copy these patterns directly, which can lead to credential exposure in repos, logs, shared configs, or agent memory and enable unauthorized CRM access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation states that lead data will be exported to a local CSV file but does not warn that this may contain sensitive personal and business contact information. In this skill's context, exported lead lists can include emails, names, company details, and qualification data, creating risk of local data leakage, accidental sharing, or insecure retention.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persists discovered lead records, including company details and any email addresses extracted from search results, into a local workspace without any notice, consent flow, retention limit, or access-control consideration. In a lead-generation skill, this increases privacy and compliance risk because operators may unintentionally store personal data on disk where other local processes or users could access it.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
User-provided query, industry, and location values are transmitted to Brave Search, which is expected for the feature but still exposes potentially sensitive prospecting terms or customer intelligence to a third party. In the context of lead generation, searches may reveal confidential targeting strategies, making undisclosed external transmission a real privacy and business-sensitivity issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal