Gumroad Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Gumroad management skill, but it can make live store changes and expose customer data without consistent safeguards.

Install only if you intend to let an agent administer a live Gumroad store. Use a dedicated Gumroad token where possible, verify sale/product/license IDs before running mutations, avoid creating webhooks to untrusted URLs, and assume customer emails, addresses, purchase details, and license keys may appear in chat or command output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared description understates the actual operational scope by omitting account/profile access and additional CRUD actions such as variant, subscriber, and checkout-field management. This mismatch is dangerous because users or orchestration layers may grant trust based on the narrower description while the skill can perform broader, potentially privacy-impacting or destructive merchant actions.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The reference documents `custom-fields` and `whoami` capabilities that are not described in the stated skill scope. Scope drift matters for agent tools because undocumented or undeclared actions can expose additional account data or mutate store configuration in ways a caller may not expect, weakening least-privilege and informed consent.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest describes webhook management and several merchant functions, but the implementation also exposes subscriber enumeration and subscription-detail access. This capability mismatch is dangerous because an agent or operator may invoke broader customer/subscription management powers than expected, increasing the chance of unauthorized data access or business-impacting actions under incomplete consent assumptions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest only promises basic inventory management, while the code can modify deeper product configuration such as variants, variant categories, and custom fields. Undisclosed configuration powers can let an agent alter storefront behavior and checkout data collection in ways the user did not anticipate, creating integrity and privacy risk.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
The code exposes a merchant identity lookup (`user`/`whoami`) that is not disclosed in the manifest. While lower impact than mutation operations, this still broadens accessible account metadata and can leak account identity details to an agent or downstream logs without the user's informed expectation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises destructive operations such as deleting products, issuing refunds, and rotating license keys without any explicit confirmation, approval, or safety interlock requirement in the skill contract. In a merchant-management context tied to a live API token, accidental or prompt-induced execution could directly cause financial loss, service disruption, customer impact, or irreversible inventory and licensing changes.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The skill accepts an arbitrary user-supplied webhook destination URL and sends it to Gumroad without validation, confirmation of the destination, or a warning that store events will be forwarded externally. In a chat-driven agent context, this increases the risk of accidental or prompt-induced exfiltration of sales/refund/dispute data to attacker-controlled endpoints.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation presents destructive product deletion as a routine command with no warning, confirmation guidance, or rollback note. In an agent setting, this increases the chance that an LLM or operator executes an irreversible action on production inventory without appreciating the consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Refunds, shipment marking, and license disable/rotate/decrement operations directly affect customer funds and access rights, yet the reference gives no warning about customer impact, fraud risk, or audit sensitivity. In a commerce skill, these actions are especially dangerous because an agent could revoke access, issue unauthorized refunds, or alter fulfillment state with immediate business and customer consequences.

Missing User Warnings

Low
Confidence
84% confidence
Finding
Webhook creation allows the system to send store event data to an arbitrary URL, but the reference omits any privacy or network egress warning. This can lead to unintended exfiltration of transactional/customer data or registration of attacker-controlled endpoints if an agent is tricked into creating subscriptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Product deletion is irreversible or difficult to recover from, yet the command performs the action immediately with no confirmation, dry-run, or force flag. In an agent context, a misunderstanding, prompt injection, or ambiguous instruction could trigger destructive business-impacting deletion without a human checkpoint.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Refunds directly affect revenue and customer transactions, but this command executes without any explicit confirmation or risk acknowledgment. In an agent-operated workflow, accidental or manipulated invocation could cause immediate financial loss and customer/accounting inconsistencies.
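The five findings above (unconfirmed product deletion, refunds, shipment marking and license disable/rotate/decrement) all describe the same missing control: a human checkpoint between an agent deciding on a destructive call and the live API executing it. The following is an added example of such an interlock, written by the editor in Python; it is not code from the Gumroad Pro skill or from the SkillSpector report. The operation names, the `FakeStore` stand-in for the merchant API and the sample IDs are constructed for illustration. The gate verifies that the target ID exists using read-only state before it will even preview a mutation, and it binds the confirmation token to the exact operation and arguments so that one approval cannot be replayed for a different ID or a different action.

```python
import hashlib
import json

# Operations the findings above call out as irreversible or customer-impacting.
# The names are illustrative placeholders, not the skill's real command names.
DESTRUCTIVE_OPS = {"delete_product", "refund_sale", "rotate_license", "disable_license"}


class FakeStore:
    """Constructed in-memory stand-in for the merchant API; nothing leaves the process."""

    def __init__(self):
        self.products = {"prod_A": "Ebook", "prod_B": "Course"}
        self.sales = {"sale_1": {"product_id": "prod_A", "refunded": False}}
        self.audit = []

    def exists(self, op, params):
        """Resolve the target with read-only state before any mutation is previewed."""
        if op == "delete_product":
            return params.get("product_id") in self.products
        if op == "refund_sale":
            return params.get("sale_id") in self.sales
        return True

    def apply(self, op, params):
        if op == "delete_product":
            del self.products[params["product_id"]]
        elif op == "refund_sale":
            self.sales[params["sale_id"]]["refunded"] = True
        self.audit.append((op, dict(params)))


def approval_token(op, params):
    """Bind the approval to the exact operation and arguments, so one approval
    cannot be replayed by an agent for a different ID or a different action."""
    canon = json.dumps({"op": op, "params": params}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def guarded_call(store, op, params, confirm=None):
    """Two-phase execution for destructive operations.

    First call: validate the target and return a preview plus a token; nothing
    is changed. Second call with confirm=<token>: perform the action once.
    Non-destructive operations pass straight through.
    """
    if op not in DESTRUCTIVE_OPS:
        store.apply(op, params)
        return {"status": "executed"}
    if not store.exists(op, params):
        return {"status": "refused", "reason": "target not found; refusing to mutate an unverified ID"}
    token = approval_token(op, params)
    if confirm is None:
        return {"status": "preview", "token": token,
                "message": f"would run {op} with {params}; re-run with confirm={token} to proceed"}
    if confirm != token:
        return {"status": "refused", "reason": "confirmation does not match the previewed action"}
    store.apply(op, params)
    return {"status": "executed", "token": token}


if __name__ == "__main__":
    s = FakeStore()
    preview = guarded_call(s, "delete_product", {"product_id": "prod_A"})
    print(preview["message"])
    print(guarded_call(s, "delete_product", {"product_id": "prod_A"}, confirm=preview["token"]))
    print(s.products)  # prod_A is gone only after the matching token was supplied
```

The token is the important part: a plain `--force` flag is something an LLM will happily add on its own, whereas a value it can only obtain by first surfacing the preview to the operator forces the round trip the findings ask for. In a real deployment the preview would be shown to the human and the token would expire after one use.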

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The sales details output includes customer email, purchaser email, license key, custom fields, affiliate data, and potentially full shipping address. In an agent skill, printing this sensitive data without minimization or privacy warning increases the risk of overexposure to logs, transcripts, or unintended recipients.
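The finding above is about output minimization rather than authorization: the record may legitimately contain all of these fields, but a chat-driven agent should not print them unless the operator asked for a specific one. The following is an added example by the editor, in Python, of a minimizing pass over a sale record plus a last-line check on rendered text; it is not code from the skill or from the report. The field names and the `SAMPLE_SALE` record are constructed to mirror the data classes the finding lists and are not the skill's or Gumroad's actual response schema.

```python
import json
import re

# Field names are assumptions modelled on the data the finding lists (emails,
# license key, custom fields, affiliate data, shipping address); they are not
# the skill's or Gumroad's actual response schema.
DROP_FIELDS = {"full_name", "street_address", "city", "state", "zip_code", "country", "ip_address"}
EMAIL_FIELDS = {"email", "purchaser_email"}
SECRET_FIELDS = {"license_key"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

SAMPLE_SALE = {  # constructed sample record, not real customer data
    "id": "sale_1",
    "product_name": "Ebook",
    "price": 1200,
    "email": "alice@example.com",
    "purchaser_email": "alice@example.com",
    "license_key": "A1B2-C3D4-E5F6-G7H8",
    "custom_fields": {"Company": "Acme Ltd"},
    "affiliate": {"email": "partner@example.net", "amount": 120},
    "full_name": "Alice Example",
    "street_address": "1 Main St",
    "city": "Springfield",
    "country": "US",
}


def mask_email(addr):
    local, _, domain = addr.partition("@")
    return f"{local[:1]}***@{domain}" if domain else "***"


def mask_secret(value, keep=4):
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def minimize_sale(sale, reveal=()):
    """Return a copy of a sale record that is safe to print into a chat
    transcript. Fields listed in `reveal` were explicitly requested by the
    operator and are passed through unmasked."""
    out = {}
    for key, value in sale.items():
        if key in reveal:
            out[key] = value
        elif key in DROP_FIELDS:
            continue                                     # shipping/identity: omit entirely
        elif key in EMAIL_FIELDS and isinstance(value, str):
            out[key] = mask_email(value)
        elif key in SECRET_FIELDS and isinstance(value, str):
            out[key] = mask_secret(value)                # enough to recognise, not to use
        elif key == "custom_fields" and isinstance(value, dict):
            out[key] = {k: "<redacted>" for k in value}  # keep which fields exist, drop answers
        elif key == "affiliate" and isinstance(value, dict):
            out[key] = {"present": True}                 # affiliate identity is someone else's PII
        else:
            out[key] = value
    return out


def leaks_email(text):
    """Last check before text reaches a log or transcript: any unmasked address left?"""
    return EMAIL_RE.search(text) is not None


if __name__ == "__main__":
    safe = minimize_sale(SAMPLE_SALE)
    print(json.dumps(safe, indent=2))
    print("raw leaks:", leaks_email(json.dumps(SAMPLE_SALE)),
          "| minimized leaks:", leaks_email(json.dumps(safe)))
```

The `reveal` parameter is the mechanism that keeps a minimized default from blocking legitimate support work: an operator who needs the license key asks for it by name, and only that field is shown. The regex check is deliberately crude; its job is to catch a field the allowlist above did not anticipate, not to replace it.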

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Webhook subscription creation allows event data to be sent to any user-supplied URL with no validation or warning. This can exfiltrate customer and transaction events to attacker-controlled infrastructure if an agent is tricked into creating a subscription, making the skill context especially dangerous because it has merchant-grade access to sensitive business events.
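The three webhook findings above (destination accepted without validation, no egress warning, and exfiltration to attacker-controlled infrastructure if an agent is tricked into subscribing) reduce to two controls: constrain where events may go, and make the caller acknowledge that they are leaving the store. The following is an added example by the editor, in Python, of a destination check and a gated registration call; it is not code from the skill or from the report. The receiver allowlist, the `hooks.example.com` host and the `sender` callback standing in for the real API call are all assumptions about a deployment, not something the skill provides.

```python
import ipaddress
from urllib.parse import urlsplit

# Operator-maintained allowlist of hosts permitted to receive store events.
# The hostname is a constructed placeholder; the allowlist itself is an
# assumption about the deployment, not something the skill provides.
ALLOWED_RECEIVERS = {"hooks.example.com"}

EGRESS_WARNING = ("Store events (sales, refunds, disputes, customer e-mail addresses) "
                  "will be sent to a third-party URL. Confirm the destination is yours.")


def validate_webhook_url(url, allowed_hosts=ALLOWED_RECEIVERS):
    """Return (ok, reason) for a user- or agent-supplied webhook destination."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "only https destinations are accepted"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in the URL are not accepted"
    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        return False, "destination has no host"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        return False, "IP-literal destinations are not accepted; use an allowlisted hostname"
    if host.rstrip(".") not in {h.lower() for h in allowed_hosts}:
        return False, f"{host} is not an allowlisted webhook receiver"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, "non-standard ports are not accepted"
    return True, "ok"


def register_webhook(url, event, sender, confirmed=False, allowed_hosts=ALLOWED_RECEIVERS):
    """Gate a subscription request: validate the URL, then require the caller
    to have acknowledged the egress warning before `sender` is invoked.
    `sender(url, event)` stands in for the real API call."""
    ok, reason = validate_webhook_url(url, allowed_hosts)
    if not ok:
        return {"status": "refused", "reason": reason}
    if not confirmed:
        return {"status": "needs_confirmation", "warning": EGRESS_WARNING, "url": url}
    sender(url, event)
    return {"status": "registered", "url": url, "event": event}


if __name__ == "__main__":
    sent = []
    record = lambda u, e: sent.append((u, e))
    print(register_webhook("https://hooks.example.com/gumroad", "sale", record))
    print(register_webhook("https://hooks.example.com/gumroad", "sale", record, confirmed=True))
    print(register_webhook("https://attacker.example.net/collect", "sale", record, confirmed=True))
    print(sent)  # only the allowlisted, confirmed destination was registered
```

The allowlist is the primary control; the scheme, credential, IP-literal and port checks only close the obvious ways around it. Resolving the hostname and rejecting answers in private or loopback ranges is a reasonable extra step, omitted here because it needs network access, and it does not replace the allowlist since DNS answers can change after the check.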

VirusTotal

66/66 vendors flagged this skill as clean.
