ClawHub

Amazon Market Trend Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed APIClaw Amazon market-research skill with some scope and credit-use caveats, but no evidence of hidden data theft, destructive behavior, or privilege misuse.

Install only if you are comfortable sending Amazon categories, keywords, ASINs, and your APIClaw key to APIClaw. Prefer the declared APICLAW_API_KEY environment variable, review credit usage for broad scans, and only enable scheduled monitoring after checking the generated cron or task configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires environment access, file reads, and network activity, but does not declare permissions explicitly. This creates a transparency and governance gap: users or the platform may not realize the skill can access API keys, read local reference/runtime files, and make outbound requests, which weakens consent and review controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The documented purpose is limited to category trend scanning, but the skill appears able to perform much broader product, competitor, review, pricing, and historical intelligence workflows. This mismatch is dangerous because it undermines informed consent and can let a seemingly narrow skill be used as a general reconnaissance tool beyond what users and reviewers expect.

Description-Behavior Mismatch

High
Confidence
90% confidence
Finding
The file exposes a broad multi-purpose API client with many composite workflows far beyond the advertised daily trend-scanning capability. In a skill environment, this increases attack surface and enables unintended data access and external actions, especially if callers can invoke arbitrary subcommands not aligned to the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The listing-audit workflow is unrelated to a category trend scanner and materially expands the skill into product-level competitive intelligence. In context, this violates least privilege and can cause the agent to perform broader analysis than users or operators expect from this skill.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The review deep-dive workflow performs extensive product- and competitor-level review intelligence unrelated to daily category trend scanning. This broadened capability increases external data retrieval and may enable unauthorized or unexpected competitive analysis through a skill marketed for trend discovery.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The docstring openly states the script is a general client for all endpoints and composite workflows, which contradicts the skill's narrow marketed identity. This mismatch is a security-relevant transparency problem because it signals hidden or excessive capability and makes misuse more likely in an agent setting.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases include generic terms like market trends, what's hot, and which categories are growing, which can cause unintended invocation in unrelated conversations. Accidental activation can expose credentials-dependent network behavior, consume API credits, and trigger file/state updates without clear user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal