Is hubspot safe?

https://clawhub.ai/kwall1/hubspot

82
SAFE

This HubSpot skill is a straightforward API documentation reference containing curl command templates for HubSpot CRM and CMS operations. It contains no executable code, no install hooks, no hidden instructions, and no exfiltration vectors. The primary risks are theoretical: shell injection via unquoted parameter substitution in curl templates, and unintended CRM write operations due to the inclusion of create/update endpoints without agent-side confirmation guidance. Installation monitoring confirmed zero side effects.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

MEDIUM Shell command templates with parameter placeholders -15

The skill contains approximately 30 curl command templates with placeholders like {contactId}, {dealId}, {companyId}, {ownerId}, and {email}. When an LLM agent substitutes user-provided values into these templates and executes them via shell, there is a theoretical shell injection risk if values are not properly quoted. The skill itself does not execute any code — it is purely documentation.

MEDIUM Write operations without confirmation guidance -25

The skill includes create and update endpoints (POST/PATCH for contacts, deals, associations, owner assignments) but provides no guidance for the agent to confirm before executing write operations. An ambiguous user request could trigger unintended CRM modifications.

LOW No prompt injection vectors detected -10

The skill contains no hidden instructions, no persona manipulation, no unicode tricks, no HTML comments, no instruction overrides, and no external URL fetching directives. All content is straightforward API documentation.

LOW Token exposure limited to declared secret -15

The skill only references HUBSPOT_ACCESS_TOKEN, which is properly declared in the metadata secrets array. No attempts to read filesystem secrets, environment variables beyond its own, or encode/exfiltrate data.

INFO Zero installation side effects 0

Monitoring confirmed no filesystem changes, network activity, process spawning, or firewall blocks during skill installation.

INFO Canary files untouched 0

All honeypot files remained intact throughout the audit.