ClawHub

ChatbotX is an open-source chat marketing platform for managing contacts, conversations, flows, broadcasts, and sequences across WhatsApp, Messenger, Instagram, TikTok, Telegram, Zalo OA, Email, and Webchat. An alternative to ManyChat, Chatfuel, Wati, Respond, etc...

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ChatbotX administration skill, but it gives an agent powerful customer-data mutation abilities and includes unsafe TLS guidance without enough safeguards.

Install only if you trust the publisher and need agent-driven ChatbotX administration. Use a least-privilege API token, avoid production credentials during testing, require explicit approval before any create/update/delete/block action, and do not enable the self-signed-certificate bypass except temporarily on a controlled local network.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill documents destructive operations such as deleting tags, custom fields, contacts, and blocking/unblocking contacts without any caution, confirmation guidance, or scoping advice. In an AI-agent context, this increases the risk of accidental destructive actions against production customer data because the skill normalizes powerful state-changing commands without safeguards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to disable TLS verification via `CHATBOTX_ALLOW_SELF_SIGNED_CERT=true` without a clear warning about man-in-the-middle risk. In a skill that handles workspace API tokens and contact data, disabling certificate validation can expose authentication credentials and sensitive traffic to interception, especially on shared or untrusted networks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal