ClawHub

SZZG007 Customer CRM

Security checks across malware telemetry and agentic risk

Overview

This CRM skill has a legitimate purpose, but it asks the agent to handle sensitive customer records, cloud sync, credentials, message-derived updates, and automated cleanup without enough boundaries or confirmations.

Review this before installing if your CRM contains personal, regulated, or commercially sensitive data. Use it only with explicit user approval for cloud sync, narrow service-account permissions, protected credential storage, backups, dry-run previews for cleanup/conflict resolution, and clear limits on which email/message sources and customer fields the agent may read or change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly supports syncing CRM/customer data to Feishu Bitable and Google Sheets, which are external services, but it does not present a clear user-facing warning, consent step, or data handling limits before transfer. Because the data includes personal and business contact details, silent or default cloud synchronization can cause unintended disclosure, cross-border transfer, or compliance issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states it can automatically detect customer status updates from emails/messages, which implies monitoring and processing communication content that may contain sensitive personal, commercial, or confidential information. Without a clear notice, consent model, and scope limitation, users may unknowingly enable surveillance-like processing and over-collection of message data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal