Amazon Daily Market Radar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed APIClaw-based Amazon market monitoring helper, with some documentation and scoping caveats but no artifact-backed deception or destructive behavior.

Install only if you want APIClaw to process your Amazon ASINs, keywords, categories, and competitor-monitoring queries. Use an API key dedicated to this service, avoid scheduling it unless you are comfortable with repeated external API calls and credit usage, and prefer explicit Amazon/APIClaw prompts when invoking the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill requires access to environment variables, local files, and the network, but those capabilities are not explicitly declared as permissions. That weakens reviewability and consent, because a host or user cannot easily tell that the skill reads secrets, persists state in local files, and makes external API calls. In an unattended automation context, undeclared capabilities are more dangerous because they can run repeatedly without close human oversight.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is narrow daily monitoring, but the described behavior expands into broad product-research, direct endpoint utilities, config-file API key loading, and other workflows not implied by the headline description. This is a trust-boundary problem: operators may approve the skill expecting a constrained monitor while it can perform wider data access and alternate secret-loading behavior. In security review, hidden or under-disclosed functionality materially increases risk because it bypasses least-privilege expectations and may expose local secrets from config files.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
The self-check path reads credentials from ~/.apiclaw/config.json, which is a broader host-level location outside the skill directory and inconsistent with the primary credential-loading path. In an agent environment, this can cause the skill to consume unrelated user secrets from the local machine without clear disclosure, expanding credential exposure beyond what the skill purpose requires.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes unattended, cron-ready monitoring but does not clearly disclose that product, competitor, and seller-tracking inputs will be transmitted to multiple third-party API endpoints. In an automation context, this omission can cause users to enable persistent background collection and external sharing without informed consent, increasing privacy, compliance, and operational risk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill silently reads an API key from a local config.json adjacent to the skill code when the environment variable is absent. In a multi-skill or agent-hosted environment, implicit credential discovery from local files can lead to unintended secret use and weakens user awareness and consent around which credentials are being accessed.

VirusTotal

67/67 vendors flagged this skill as clean.
