APM Product Management API (APM 상품 관리 API)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent APM product-management API skill, but it gives agents access to live catalog changes and sensitive tokens without enough safety guidance.

Install only if you intend to let an agent work with APM product-management APIs. Use a least-privilege APM token, keep auth headers out of logs and prompts, require explicit confirmation before delete, price, stock, discount, or listing-status changes, verify the intended HTTP method for gds_m_delgoods, and review or redact screenshots/images before upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Intent-Code Divergence

Severity: Medium
Confidence: 95%

The documentation gives conflicting instructions for a destructive endpoint: the body text says to send a POST request with deletion parameters, while the Quick Reference labels the method as GET. This ambiguity can cause clients, gateways, caches, or SDKs to invoke deletion with the wrong HTTP semantics, increasing the risk of accidental deletion, unsafe retries, or sensitive parameters being placed in URLs.

Missing User Warnings

Severity: Medium
Confidence: 88%

The skill exposes destructive product-management operations such as add, edit, and delete, but the documentation provides no warning, confirmation guidance, or safety constraints before invoking them. In an agent setting, this increases the risk of unintended state-changing actions from ambiguous prompts, automation mistakes, or prompt injection that coerces destructive API use.

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%

The skill hardcodes the locale header to 'lang=zh-cn' without describing user choice or consent. While not typically a direct compromise vector, fixed locale behavior can mislead users, alter search/results semantics, and cause agents to send requests in an unintended language context, especially in a Korean/Chinese multilingual commerce environment.

Missing User Warnings

Severity: Medium
Confidence: 94%

This skill performs a write operation that creates a new product listing, and the documented `is_sell` field allows immediate publication when set to `1`, but the skill does not prominently warn the caller about that side effect. In an agent setting, this increases the risk of unintended inventory publication or unauthorized business actions if a user or upstream workflow assumes the call is only a draft/save action.

Missing User Warnings

Severity: Medium
Confidence: 80%

This skill exposes a seller-side product deletion operation without any warning about irreversible impact, confirmation expectations, or safety guidance around destructive use. In an agent-consumable skill, that omission makes accidental or automated mass deletion more likely, especially because the broader skill set includes many management endpoints and write access with token-based auth.

Missing User Warnings

Severity: Medium
Confidence: 92%

This skill documents a full-product update endpoint that can overwrite existing product fields, but it does not clearly warn that omitted or stale values may replace current data. Although the description mentions a version field for optimistic locking, it does not explicitly tell users to fetch the latest record and send a complete, validated payload before updating, which creates a realistic risk of accidental data loss or unintended inventory/price changes.

Missing User Warnings

Severity: Medium
Confidence: 91%

This skill documents a seller-side write endpoint that directly changes product discounting, but it does not clearly warn users that invoking it can immediately alter live pricing for customer-facing listings. In an agent context, that omission increases the chance of accidental high-impact administrative actions, especially because the operation is authenticated and intended for production seller accounts.

Missing User Warnings

Severity: Medium
Confidence: 90%

This skill documents a live write operation that directly changes product sale prices, but it does not include any explicit warning about business impact, accidental misuse, or the fact that changes affect production data. In an agent/tooling context, missing safety guidance increases the chance of unintended price changes, financial loss, and downstream customer-facing errors, especially because the endpoint is framed as a simple POST flow.

Missing User Warnings

Severity: Medium
Confidence: 86%

This skill documents a state-changing endpoint that creates new product records but provides no explicit warning, confirmation, or guardrails about modifying backend data. In an agent context, that increases the chance of unintended product creation, misuse of a user's token, or accidental inventory/catalog pollution, especially because the operation is exposed as a straightforward POST workflow.

Missing User Warnings

Severity: Medium
Confidence: 93%

The skill explicitly accepts a complaint screenshot as base64 or a URL and sends it to a remote API, but the description does not warn the caller that potentially sensitive image content will be transmitted off-platform. Screenshots can contain personal data, account details, or other unrelated sensitive information, so the lack of disclosure and handling guidance increases privacy and data-leak risk.

Missing User Warnings

Severity: Medium
Confidence: 93%

The skill explicitly instructs callers to send a user access token in the authcode header to a remote AWS API endpoint, but it does not warn users that authentication data will be transmitted off-platform or explain the trust boundary. This creates a real risk of credential misuse, unexpected data disclosure, or users authorizing requests without understanding that their token is being sent to an external service.

Missing User Warnings

Severity: Medium
Confidence: 89%

This skill documents a destructive bulk-delete endpoint for user goods without any guidance for confirmation, preview, undo, or safeguards against accidental invocation. In an agent context, a write-capable skill that can delete multiple items based only on provided IDs increases the risk of unintended or overly broad data loss if the agent misinterprets user intent or handles stale/incorrect IDs.

Missing User Warnings

Severity: Medium
Confidence: 89%

The skill documentation explicitly instructs users to obtain and transmit a user access token in the `authcode` header, but it provides no warning about handling sensitive credentials, storage, logging, or accidental disclosure. It also exposes a static `sign` value derivable from a hardcoded secret string, which encourages insecure authentication patterns and can lead users to treat secrets as non-sensitive documentation data.

Missing User Warnings

Severity: Medium
Confidence: 95%

The skill documentation instructs users to send a bearer-style access token in the authcode header and upload base64-encoded image data to a remote AWS API endpoint, but it does not clearly warn that sensitive user content and credentials are being transmitted off-platform. This can undermine informed consent and increases privacy and credential-handling risk, especially because uploaded images may contain personal or sensitive information and the token authorizes account-backed API access.

Missing User Warnings

Severity: Medium
Confidence: 95%

The skill documentation explicitly embeds a static signing secret (`MD5('jsm6y$nu5wjsb')`) and instructs callers to use a user access token in request headers. Exposing credential material and a reusable signing mechanism in public-facing skill content increases the risk of unauthorized API use, secret reuse, and token mishandling, especially because there is no warning about secure storage, rotation, or transmission hygiene.

Missing User Warnings

Severity: Medium
Confidence: 92%

The skill explicitly instructs callers to transmit a user access token in the authcode header but provides no privacy, storage, redaction, or handling guidance. In an agent/tooling context, this increases the chance that sensitive bearer credentials are logged, echoed, cached, or exposed to downstream systems, enabling account misuse if the token is intercepted.

VirusTotal

66/66 vendors flagged this skill as clean.