Hubspot Audit

Security checks across malware telemetry and agentic risk

Overview

This HubSpot audit skill is mostly coherent, but it combines sensitive CRM access with under-scoped instructions to create local skills and optionally push them to GitHub.

Review before installing. Use a dedicated least-privilege HubSpot token, keep .env and reports out of source control, and treat generated reports as confidential. Do not allow the skill to create new skills, commit, push, fork, or open pull requests unless you explicitly want that separate repository-changing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The skill’s core purpose is auditing a HubSpot portal, but these instructions expand into creating new skills, forking a repo, pushing code, and opening a PR. That introduces unrelated code modification and exfiltration/supply-chain actions based on audit output, which could cause unauthorized repository changes or disclosure of internal business logic and findings.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill is presented as a CRM audit, but it also prescribes and orchestrates execution of numerous follow-on remediation skills. This scope expansion can pressure an agent into taking operational actions beyond read-only assessment, increasing the chance of unintended destructive or high-impact changes from a seemingly safe audit request.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs handling a HubSpot private app token and storing it in `.env` without warning about credential sensitivity, least-privilege scopes, or avoiding accidental logging/commit. This can lead to credential leakage through shell history, local files, screenshots, logs, or source control.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill directs generation of a detailed CRM audit report containing portal metrics and customer/business data, but it does not warn that the saved output may contain sensitive or regulated information. Persisting such reports to disk can create secondary exposure through local access, backups, syncing services, or accidental sharing.

VirusTotal

63/63 vendors flagged this skill as clean.
