Back to skill

Security audit

Ecommerce Manager Claw

Security checks across malware telemetry and agentic risk

Overview

This skill is for ecommerce administration, but it asks users to share powerful store credentials and can change live store data with weak scoping and safety guidance.

Review carefully before installing. Use only narrowly scoped, temporary credentials, avoid pasting long-lived admin secrets into normal chat, explicitly approve every write/delete/fulfillment/customer update, and revoke or rotate credentials after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill is configured to trigger on very broad, casual mentions of stores or shops and says to 'always use this skill' for ecommerce-related interaction. That can cause the agent to invoke a high-privilege backend-management workflow in situations where the user did not clearly intend administrative access, increasing the chance of unnecessary credential collection, sensitive data exposure, or unintended store modifications.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to ask users to paste API tokens, secrets, refresh tokens, and admin credentials into chat, while reassuring them they are 'never stored anywhere' without any validated guarantee. This encourages unsafe handling of highly sensitive secrets and can lead to account compromise across ecommerce platforms if chat logs, tooling, or downstream systems are exposed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This reference file documents multiple state-changing and destructive ecommerce operations, including shipment confirmation, listing updates, product creation/deletion, order state transitions, and customer updates, without any guidance about confirmation, authorization checks, scope restrictions, or irreversible effects. In the context of an agent skill that is supposed to act on live store backends, this makes unsafe automation more likely and increases the chance of accidental or unauthorized business-impacting actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This reference file documents multiple state-changing and destructive BigCommerce operations, including inventory updates, order status changes, customer updates, product creation, and product deletion, without any cautionary guidance, confirmation requirements, or notes about irreversible business impact. In the context of an ecommerce-management skill that is supposed to act on live store backends, this increases the risk that an agent could perform unintended modifications or deletions on production data from casual or ambiguous user requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users how to generate powerful API credentials across multiple ecommerce platforms but does not warn them not to paste tokens, secrets, or private keys into chat. In this skill context, that omission is dangerous because the assistant is positioned as the destination for store-management workflows, increasing the likelihood that users will disclose credentials directly and expose full backend access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This reference documents direct write operations that change products, stock quantities, and order states, but provides no guidance about confirmation, authorization, or the business impact of these actions. In a skill explicitly designed to manage live ecommerce backends, that omission increases the risk that an agent will perform destructive or irreversible changes based on ambiguous, mistaken, or prompt-injected user input.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reference includes a fully formed destructive `productDelete` mutation without any warning, confirmation guidance, or guardrails around irreversible actions. In a skill explicitly designed to manage ecommerce backends in real time, this can normalize or facilitate accidental or unauthorized destructive operations, increasing the chance of product loss or store disruption.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The customer examples expose direct access to personal data fields such as email, phone, address, and spending history, and also show mutation of customer records without any privacy, minimization, or authorization guidance. In the context of an ecommerce-management skill, this raises the risk of unnecessary PII exposure, privacy violations, and misuse of sensitive customer data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This reference exposes multiple state-changing ecommerce operations such as product updates, product creation, inventory updates, and order fulfillment, but provides no cautionary guidance about confirmation, authorization scope, or the risk of modifying live store data. In the context of an agent skill explicitly intended to manage ecommerce backends in real time, this omission increases the chance that an agent or user will perform unintended destructive or business-impacting actions on production systems.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The reference includes a permanent product deletion endpoint using `force=true` without any caution about irreversibility, confirmation requirements, or expected safeguards. In an agent skill designed to manage ecommerce backends in real time, this increases the risk that an LLM or user prompt could trigger destructive actions that remove catalog data unintentionally.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The reference explicitly highlights customer and order fields such as names, emails, billing details, and line items without any privacy, minimization, or handling guidance. Because this skill is meant to retrieve and manage live ecommerce data, exposing PII-related fields in reference material can normalize over-collection or over-disclosure of sensitive customer information by downstream agent behavior.

Credential Access

High
Category
Privilege Escalation
Content
| **BigCommerce** | Store Hash + API Access Token |
| **Wix** | Site ID + API Key (from Wix Dev Center) |
| **PrestaShop** | Store URL + API Key |
| **Adobe Commerce / Magento** | Store URL + Admin Token or Integration Access Token |
| **Amazon (SP-API)** | Marketplace ID + LWA Client ID + Client Secret + Refresh Token |
| **Etsy** | Shop ID + API Key + Access Token (OAuth2) |
| **Shopware** | Store URL + API Access Key + API Secret Key |
Confidence
98% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
| **PrestaShop** | Store URL + API Key |
| **Adobe Commerce / Magento** | Store URL + Admin Token or Integration Access Token |
| **Amazon (SP-API)** | Marketplace ID + LWA Client ID + Client Secret + Refresh Token |
| **Etsy** | Shop ID + API Key + Access Token (OAuth2) |
| **Shopware** | Store URL + API Access Key + API Secret Key |

For non-technical users, guide them step-by-step on where to find these.
Confidence
98% confidence
Finding
Access Token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.