Amazon Competitor Intelligence Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill has a real Amazon competitor-monitoring purpose, but it ships a plaintext API key, preloaded monitoring data, and mismatched broader market-analysis instructions that require review before use.

Review before installing. The publisher should remove and rotate the bundled API key, ship empty monitor-data, align the reference docs with competitor monitoring, and fix quick_check.py to resolve paths relative to the installed skill. If you use it anyway, delete bundled config/baseline/history files, set your own APICLAW_API_KEY, and explicitly approve any recurring monitoring schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The reference file describes a different skill ('Market Entry Analyzer') than the declared competitor-monitoring skill, which indicates specification drift or misbinding of documentation. This can cause the agent to invoke broader market-analysis behaviors and endpoints than users expect, increasing the chance of unauthorized data collection, incorrect actions, and unsafe tool use under the wrong trust boundary.

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The file asserts that all 11 endpoints are used, while the manifest describes a two-mode competitor-monitoring workflow. This inconsistency can expand the agent's effective scope, leading to unnecessary endpoint access, extra data transmission, and actions that exceed least-privilege expectations for a monitoring skill.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The documented capabilities include market-entry and opportunity analysis, which go beyond the stated competitor-monitoring purpose. In context, this broadening is dangerous because it encourages collection and analysis outside the user-declared task, undermining transparency and increasing the risk of overreach and unintended business intelligence processing.

Vague Triggers

Medium
Confidence: 88%
Finding
The example prompt set includes broad trigger phrases such as competitor analysis, benchmark, track competitor, and competitor comparison, which can plausibly appear in ordinary product-research or strategy conversations. If a platform uses these phrases for automatic skill routing, the skill may be invoked unexpectedly and cause unintentional external API calls, competitor-surveillance workflows, or credit consumption without the user clearly intending to run this skill.

Missing User Warnings

Medium
Confidence: 83%
Finding
The API key is loaded from disk and exported into the process environment without any disclosure or minimization. Environment variables are inherited by child processes by default, so a compromised or modified local script could access the credential more easily than necessary.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill persistently writes monitoring history and baseline snapshots to local disk without any user-facing disclosure or retention controls. This creates a privacy and data-governance risk because product intelligence, pricing changes, seller identities, and titles accumulate over time and may be exposed to other local users or later exfiltrated.

Missing User Warnings

Medium
Confidence: 88%
Finding
The code loads a bearer API key from a plaintext config.json in the skill directory without any permission checks, secure-storage guidance, or warning to the user. On shared systems or in copied skill directories, that increases the risk of credential disclosure through local file access, backups, source control mistakes, or artifact packaging.

VirusTotal

67/67 vendors flagged this skill as clean.
