Crm Add Record

Security checks across malware telemetry and agentic risk

Overview

This CRM skill is mostly coherent, but it exposes shared CRM login credentials and can create records without a clear final approval step.

Review before installing. Do not use this with any real CRM until the exposed credentials have been removed and rotated, authentication uses user-owned or managed secrets, and the skill requires confirmation of the exact fields before saving a record.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill content includes hardcoded credentials and a specific internal CRM URL, which materially expands behavior beyond a normal record-entry helper and exposes sensitive access details. Even if some automation steps are only documented rather than executable code, publishing usable credentials in a skill is itself a real security issue because it can enable unauthorized CRM access and downstream record tampering or data exposure.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill explicitly discloses CRM credentials (weiyj / weiyj123) in documentation. This is dangerous because anyone with access to the skill can reuse the credentials to log into the CRM, potentially exposing customer data, creating or altering records, and pivoting further if the account has broader permissions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The implementation materially differs from the advertised behavior: instead of securely automating CRM entry, it prints user-supplied data and reveals login details for manual use. This kind of security-deceptive mismatch is dangerous because users or orchestrators may trust the skill with sensitive CRM data under false assumptions about how it operates and what capabilities it exposes.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The script contains and displays hard-coded CRM credentials, which is a direct secret exposure vulnerability. Anyone with access to the skill or its output can reuse those credentials to access the CRM system, potentially leading to unauthorized record access, modification, or broader account compromise.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The skill instructs automated submission to an external CRM without requiring explicit confirmation or warning that it will modify real system records. In this context, the action is state-changing and could create unauthorized, erroneous, or privacy-impacting entries if triggered from ambiguous user input.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill combines login instructions with embedded credentials and no guidance on secure handling of authentication or CRM data. In a CRM context, this is especially dangerous because the system likely contains customer and sales information, so insecure credential handling can lead to confidentiality breaches and unauthorized modifications.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill metadata uses broad activation language such as 'automate adding new CRM records' and 'use when user asks to add new CRM entries, customers, or sales leads' without clear scoping, approval requirements, or validation constraints. In a CRM-writing skill, this increases the chance of unintended invocation and unauthorized or erroneous creation of customer records, which can affect data integrity and trigger downstream business actions.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
Printing production-style login credentials in normal output exposes sensitive authentication data without any access control, masking, or need-to-know restriction. In the context of a CRM skill, this is especially dangerous because users may copy logs, transcripts, or terminal output, causing uncontrolled credential leakage beyond the intended operator.

VirusTotal

VirusTotal findings are pending for this skill version.