Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Enrich Industry

v1.0.0

Backfill contact-level industry from associated company records using a HubSpot workflow. Enables industry-based segmentation for targeted campaigns aligned...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability [flagged]
The skill's name, description, SKILL.md, and included scripts all align with a HubSpot 'enrich industry' workflow and verification. However the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the shipped scripts expect an API token — this mismatch is incoherent and means the skill as-published omits a required secret. The scripts themselves do not request unrelated services or credentials, so functionality is appropriate but the metadata is incomplete/misleading.
Instruction Scope [flagged]
SKILL.md describes creating a HubSpot workflow and includes small SDK examples, which is fine. But the included Python scripts (before.py/after.py) will be run to audit/enforce changes and they: 1) call HubSpot APIs, 2) read a .env file from the repository parent (load_dotenv(..., '../.env')), and 3) write CSV files locally. Loading ../.env is not documented in SKILL.md and can cause the script to load unrelated secrets from the agent environment; plus SKILL.md uses a different env variable name (HUBSPOT_API_TOKEN) in one snippet while scripts require HUBSPOT_ACCESS_TOKEN, creating ambiguity about what credential to provide.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. The scripts declare dependencies in comments (requests, python-dotenv) but there's no packaged installer; running them will require pip installing those packages. No external downloads or obscure URLs are used in the code — only calls to api.hubapi.com — so install risk is moderate/transparent but undeclared.
Credentials [flagged]
Network access to HubSpot via a single API token is appropriate for the stated purpose. However: 1) the repository metadata does not declare the required HUBSPOT_ACCESS_TOKEN, 2) SKILL.md uses a different name (HUBSPOT_API_TOKEN) in a snippet, and 3) the scripts explicitly load ../.env which can pull any environment variables stored there (broader-than-needed exposure). These issues make credential handling unclear and potentially overbroad.
Persistence & Privilege
The skill is not flagged as always:true, does not request persistent system-wide privileges, and does not modify other skills' config. Autonomous invocation is allowed (platform default) but is not combined here with other red flags that would make that especially dangerous.
What to consider before installing
This skill appears to do what it says (create/verify a HubSpot workflow and run API-based audits) but the package has important inconsistencies you should resolve before use:
- The code expects a HubSpot API token but the skill metadata does not declare any required env vars. The two places in the repo use different names (HUBSPOT_API_TOKEN in one SKILL.md snippet vs HUBSPOT_ACCESS_TOKEN in the scripts). Confirm which variable your environment should provide and update the skill metadata accordingly.
- The Python scripts call only api.hubapi.com (no remote/personal endpoints), write CSVs locally, and require 'requests' and 'python-dotenv'. That behavior is consistent with the described purpose, but the scripts call load_dotenv('../.env') — which will read any .env file located at the repository root. Make sure you do not store unrelated secrets in that .env file and run these scripts in a controlled environment.
- Use a HubSpot token with least privilege (only the scopes needed for reading/updating contacts/companies). Avoid using a full-owner token if not necessary.
- If you plan to run these scripts via an agent, update the skill metadata to declare the required env var(s) and document how to provide them; consider removing or parameterizing the hard-coded .env path.
If you cannot confirm or fix the env-variable mismatch and the .env usage, treat this skill as suspicious and avoid installing/running it in a sensitive environment.
