Security Audit

hubspot

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

hubspot received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized Parameters in Shell Commands, Excessive Permissions Risk with HubSpot Access Token.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

63%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Potential Command Injection via Unsanitized Parameters in Shell Commands The skill documentation provides numerous `curl` and PowerShell `Invoke-RestMethod` examples that use placeholders like `{contactId}`, `{email}`, `{companyId}`, `{dealId}`, and `{ownerId}`. If these placeholders are directly substituted with unsanitized user input when the LLM generates and executes commands, a malicious user could inject arbitrary shell commands or manipulate API requests. For instance, injecting shell metacharacters into a parameter could lead to arbitrary code execution on the host system. Implement robust input validation and sanitization for all user-provided parameters before constructing and executing any shell commands. Escape or disallow shell metacharacters. Consider using a dedicated API client library that handles parameter serialization and escaping safely, rather than raw shell commands, to mitigate this risk.	LLM	SKILL.md:31
MEDIUM	Excessive Permissions Risk with HubSpot Access Token The skill demonstrates a wide range of operations across HubSpot CRM (contacts, companies, deals, owners) and CMS (pages, domains, files), including creation, listing, searching, updating, and associating records. The manifest declares `HUBSPOT_ACCESS_TOKEN` as a secret. If this token is configured with overly broad scopes (e.g., full read/write access to all CRM and CMS objects), the skill could be leveraged to perform extensive and potentially unauthorized actions within HubSpot. The documentation explicitly states 'Full CRUD operations supported with appropriate scopes'. Ensure the `HUBSPOT_ACCESS_TOKEN` is configured with the principle of least privilege, granting only the minimum necessary scopes required for the skill's intended functionality. Regularly review and audit the scopes of API tokens to prevent over-permissioning.	LLM	SKILL.md:10

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/414cad9f79e67550.svg)](https://skillshield.io/report/414cad9f79e67550)