ClawMart Customer Insights

Security checks across malware telemetry and agentic risk

Overview

This customer analytics skill is not malicious, but it is a Review case because it asks agents to analyze private customer chats, email, and CRM data without clear privacy or storage boundaries.

Review before installing or using with real customer records. Only provide data you are authorized to process, redact unnecessary personal or confidential details, use a deliberate invocation/confirmation step, and decide where any local outputs or stored summaries will be kept and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The example trigger phrases are generic requests such as analyzing recent customer data or asking which customers are likely to convert. In many agent platforms, broad triggers can activate unintentionally during ordinary conversation, causing the skill to process sensitive customer communications or CRM context when the user did not explicitly intend to invoke it.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill explicitly references WeChat chats, email correspondence, and CRM records, all of which commonly contain personal, confidential, and regulated business data. Without warnings, consent guidance, minimization instructions, or handling constraints, users may expose sensitive communications to the model or local storage in ways that create privacy, compliance, and confidentiality risks.

VirusTotal

65/65 vendors flagged this skill as clean.
