Back to skill

Security audit

clawec-amazon-competitor-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ClawEC Amazon competitor lookup integration that sends user-provided marketplace, brand, seller, ASIN, or keyword data to ClawEC using a user API key.

Install only if you are comfortable giving the skill a ClawEC API key and sending Amazon research inputs such as brands, seller names, ASINs, keywords, and recent search-log lookups to ClawEC. Review ClawEC account permissions and costs/points before using AI interpretation or polling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs use of environment variables and shell/curl commands but does not declare corresponding permissions or capabilities. This creates a transparency and policy-enforcement gap: an agent may access secrets or execute external requests without users or the platform having an explicit permission boundary.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is described as performing competitor lookup/monitoring queries, but this script calls a search-logs endpoint that retrieves historical query data instead. That mismatch expands the skill's effective capability into log/history access, which can expose prior user activity or sensitive business intelligence without clear user expectation or need.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Exposing log retrieval in a skill meant for competitor monitoring introduces access to potentially sensitive historical searches that are not clearly justified by the stated functionality. In this context, logs may reveal prior business research, seller targets, keywords, or other operational intelligence, making the capability more dangerous than a normal search operation.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation description is broad enough to trigger on generic competitor-monitoring or lookup requests without clear scoping to Amazon/ClawEC-specific use. Overbroad triggering can cause the wrong skill to activate, leading to unnecessary external data disclosure, unexpected API usage, or collection of user-supplied business data in contexts where the user did not intend this tool to run.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill content is written to operate in Chinese and may bias agent behavior toward Chinese-language responses without checking the user's language preference. While not a classic security flaw, this can degrade informed consent and clarity around what data is being sent externally, especially if users misunderstand prompts, API-key requests, or output summaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.