Huo15 Crm Agent

Security checks across malware telemetry and agentic risk

Overview

This CRM sales skill is coherent and purpose-aligned, but users should understand that its Qichacha features make external API calls and can generate CRM/messaging action drafts.

Install only if you are comfortable configuring Qichacha credentials and sending company search/detail identifiers to Qichacha for enrichment. Review generated nextActions before allowing Odoo or messaging plugins to create leads, schedule activities, post notes, or send outreach, and treat the README no-network claim as outdated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
95% confidence
Finding
The README makes a materially misleading safety claim: it says the plugin does not open network connections, yet earlier sections explicitly describe direct Qichacha OpenAPI usage for company search and detail retrieval. Misstating outbound network behavior can cause operators to deploy the skill under incorrect trust assumptions, especially where data egress, firewall rules, or privacy review matter.

Missing User Warnings

Medium
88% confidence
Finding
The documented workflows encourage bulk CRM writes, activity scheduling, message posting, and outbound messaging, but do not prominently warn about transmitting company/contact data to third-party systems or the compliance implications of mass outreach. In a CRM/sales automation context, this increases risk of privacy violations, unauthorized processing, and accidental spam or over-sharing if users treat the workflow as routine and safe-by-default.

Vague Triggers

Medium
88% confidence
Finding
The trigger list includes broad phrases like '找客户', '搜企业', and '销售话术', which are common user intents and may cause the skill to activate when the user did not specifically want this CRM agent. Unintended invocation can route business data into the wrong workflow, cause unnecessary external lookups, or prime downstream CRM/Odoo actions even if the skill says user confirmation is required.

Missing User Warnings

Medium
86% confidence
Finding
The tool sends company identifiers provided by the user to the external Qichacha API via `client.detail(params)` without an explicit runtime disclosure or consent step in this tool's execution path. In a CRM/prospecting context, users may reasonably expect enrichment, but undisclosed transfer of business identifiers to a third-party service can create privacy, compliance, and data-governance issues, especially if identifiers or target lists are sensitive.

VirusTotal

65/65 vendors flagged this skill as clean.