ieasysell

Security checks across malware telemetry and agentic risk

Overview

This sales automation skill fits its general purpose, but it asks for a browser login token and automatically syncs customer contact data without clear controls.

Review carefully before installing. Do not paste a browser Local Storage login token unless you fully trust the publisher and understand it may grant session-level account access. Confirm how to stop background polling, redact customer contact details, delete stored visitor records, and recover from link resets before using it with real customers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are generic promotional statements such as 'real-time boss notification' and 'AI salesperson that gets smarter with use,' which can plausibly appear in normal user conversation and unintentionally invoke the skill. Because this skill handles customer reception and business data flows, accidental activation could expose or redirect sensitive conversations into the skill's reporting and synchronization path without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic synchronization with OpenClaw and real-time boss notifications but does not present a clear, prominent warning that customer conversations and related data will be transmitted and reported. In a sales and customer-reception context, this creates a meaningful privacy and consent risk because users or external customers may disclose sensitive commercial or personal information without understanding that it is being monitored and shared internally.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list contains broad marketing-style phrases such as '实时通知老板' and '越用越聪明的AI业务员' that could match ordinary conversation rather than an explicit user request to invoke this skill. In an agent ecosystem, overly permissive activation phrases can cause unintended invocation, exposing configured business context or causing actions to run without clear user intent.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill explicitly instructs users to retrieve a live authentication token from browser Local Storage and paste it into the tool. That encourages unsafe credential handling, increases the chance of token theft or reuse, and gives the skill broad account access if the token is over-privileged or long-lived.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill silently starts a background sync loop that fetches visitor records and pushes user notifications containing visitor data, without obtaining explicit consent or presenting a privacy notice before processing. Because the synced records can include contact details and behavioral data, this creates real privacy, compliance, and unauthorized disclosure risk.

Ssd 3

High
Confidence
97% confidence
Finding
The code stores recent visitor records in memory and rediscloses their details through notifications, which expands the number of copies and surfaces where personal data exists. In this context, the records may include contact information and engagement history, so unnecessary retention and redistribution materially increases privacy and breach impact.

Ssd 3

High
Confidence
98% confidence
Finding
The notification builder is designed to echo all available contact details such as email, phone, and WhatsApp in plain text to the operator. This is dangerous because it intentionally rediscloses personal data beyond the original collection context, increasing the likelihood of leakage through logs, screenshots, notification channels, or unauthorized operator access.

VirusTotal

66/66 vendors flagged this skill as clean.
