ClawHub

1688 Distribution Shop Bind Newton

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed 1688 shop-binding helper that uses expected API credentials and browser authorization flows, with some privacy and URL-handling cautions but no artifact-backed malicious behavior.

Install only if you trust the 1688 gateway and the skill publisher with your 1688 shop-binding workflow. Expect it to use your ALI_1688_AK/OpenClaw config credential, query shop/tool metadata, and open authorization pages; verify the destination domain before logging in or approving access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is described as operating only inside Newton's embedded browser, but this code adds a non-Newton Playwright fallback that can perform browser automation outside that boundary. That expands the trust and execution surface, weakens the user's expected security model, and could enable unauthorized navigation or login handling in environments where the embedded-client controls are absent.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
open_url_with_playwright accepts an arbitrary URL and launches a real browser to visit it, which exceeds the declared role of guiding a shop-binding flow in Newton's embedded browser. If an attacker can influence the URL, this creates a general-purpose browsing primitive that could be abused for phishing, token capture, or interaction with unexpected external sites outside the intended client safeguards.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill guides users through browser-based login/authorization inside an Electron embedded browser and also emits telemetry via stderr, but it does not clearly disclose what authentication data, shop/account metadata, or behavioral events may be collected, relayed, or stored. In this context, embedded-browser auth and telemetry increase privacy risk because users may enter sensitive credentials or grant authorizations without informed consent about handling and retention.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The fallback browser automation opens whatever URL it is given without any confirmation, warning, or provenance check. In the context of an authorization/login flow, silent navigation materially increases phishing and consent-bypass risk because users may not realize they are being directed to an unexpected site or automation path.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal