Back to skill

Security audit

Help Scout

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed HelpScout CLI skill that can manage real support data, so it is appropriate for intended HelpScout administration but should be used carefully.

Install only if you trust the upstream hs CLI and intend to let an agent work with HelpScout data. Use least-privilege HelpScout credentials, enable the built-in permissions allowlist when possible, avoid debug output in shared environments, and require explicit confirmation before destructive or publishing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes multiple destructive delete operations for conversations, customers, organizations, webhooks, articles, and drafts without any warning that these actions may be irreversible. In an agent-skill context, omission of safety guidance increases the chance of accidental destructive actions against production HelpScout resources.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to configure OAuth client secrets and Docs API keys and notes that credentials resolve from the OS keyring or config file, but it does not warn that secrets may be stored locally. This can lead users or agents to place long-lived credentials in plaintext-accessible config locations or otherwise mishandle sensitive authentication material.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The `--debug` flag is described as showing HTTP request/response details without warning that these details may include API tokens, customer data, message bodies, and other sensitive HelpScout content. In a support-system CLI, verbose HTTP logging can easily expose PII and secrets into terminal scrollback, logs, or agent outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.