Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hubspot Implementation Plan

v1.0.0

Generate a phased implementation plan from a HubSpot audit report. Creates prioritized, sequenced cleanup processes with effort estimates, dependencies, and...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign (View report →)
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name and description match the instructions: it reads an audit report and generates a phased plan. However, many tasks in the plan explicitly describe using the HubSpot API (setting custom flag properties, suppression scripts, list APIs) and executing potentially destructive cleanup actions (deleting contacts, suppressing contacts). The skill metadata declares no required environment variables or primary credential (no HubSpot API token/credentials). That omission is disproportionate: legitimate execution of the described tasks would require HubSpot API credentials and likely permission-scoped tokens.
Instruction Scope
SKILL.md stays focused on transforming an audit report into a plan and lists concrete tasks, phases, triggers, and automation feasibility. It instructs the agent to read the most recent reports/hubspot-audit-*.md file — which is expected. It also references other skills/commands (e.g., /delete-no-email-contacts) and directs destructive actions (delete/suppress). The instructions call for API usage, manual UI steps, and scripts; they do not instruct reading unrelated system files or exfiltrating data. Still, the instructions grant the agent latitude to run external scripts and call APIs (implicitly), so explicit guardrails (confirmation prompts before destructive tasks, required credentials) are missing.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing will be written to disk by the skill itself during install, which minimizes install-time risk.
Credentials
No environment variables or credentials are declared, yet the skill repeatedly describes interacting with HubSpot APIs and performing account-level changes. Expected environment requirements (HubSpot API key / OAuth access token, client ID/secret or other scoped credentials) are missing. That lack of declared credentials is disproportionate and ambiguous: the agent or user will need to provide credentials at runtime, but the skill metadata gives no guidance about scope or least privilege.
Persistence & Privilege
The skill is not always-enabled, has no install-time persistence behavior, and does not request system-wide configuration changes. It does reference other skills/commands but does not modify other skills' configs. Autonomous invocation is allowed (the default), which is normal; on its own this is not a problem, but it should be weighed together with the other concerns above.
What to consider before installing
This skill appears to be what it claims (a generator of phased HubSpot implementation tasks) but it omits important operational details. Before installing/using it:
1) Confirm where the audit reports live (reports/) and that the agent has permission only to that directory.
2) Expect the skill to want HubSpot API access. Do not provide broad account-level credentials; instead create a least-privilege API token or OAuth app with only the specific scopes needed (contacts/lists/properties/workflows as appropriate).
3) The plan lists destructive tasks (delete/suppress). Require manual confirmation before running any destructive script and verify backups/export of data first.
4) The SKILL.md references other slash-commands (e.g., /delete-no-email-contacts). Verify those helper skills exist and review their metadata and credential needs.
5) If you will run the scripted automations, update the skill metadata to declare required env vars and document required HubSpot scopes; otherwise treat this as a planning-only, read-only skill.
6) If you want stronger assurance, ask the publisher for the missing credential requirements and an explicit safety checklist (confirmation prompts, dry-run mode, and audit logging) before granting the agent permission to act on your HubSpot account.
