AI Product Comparison Skill

Security checks across malware telemetry and agentic risk

Overview

The skill mainly performs product comparison as described, but it includes unsafe DNS troubleshooting instructions that could change the whole system's network behavior.

Review before installing. Use only public product URLs you are comfortable sending to Zyte, prefer environment variables or a secure local secret store for ZYTE_API_KEY, and do not run or allow an agent to run the /etc/resolv.conf DNS command; DNS issues should be handled separately with administrator-approved network settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The README tells users to run `echo "nameserver 8.8.8.8" > /etc/resolv.conf`, which overwrites system DNS configuration and is unrelated to the core product-comparison function. This can break networking, bypass enterprise DNS controls, and create unsafe copy-paste behavior for users following troubleshooting steps without understanding system impact.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The instruction to overwrite /etc/resolv.conf changes system-wide DNS settings, which is unrelated to ordinary product comparison logic and can affect all network resolution on the host. In a privileged or shared environment, this can break connectivity, bypass enterprise DNS policy, or redirect traffic through an untrusted resolver, creating integrity and privacy risks.

Missing User Warnings

Medium
Confidence: 81%
Finding
The README describes sending user-supplied product URLs to Zyte for extraction but does not clearly warn that those URLs and associated request metadata are transmitted to a third-party service. In a shopping context this may expose browsing intent, internal URLs, or sensitive product links, especially if users paste private or non-public endpoints.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README instructs users to place `ZYTE_API_KEY` directly into configuration files such as `openclaw.json` without warning about secret exposure. Storing live API keys in plaintext configs increases the risk of accidental disclosure through source control, backups, shared workspaces, or local file compromise.

Missing User Warnings

High
Confidence: 97%
Finding
The troubleshooting advice suggests overwriting `/etc/resolv.conf` with no warning about privileges, persistence, or side effects. Because this is a privileged system-level change unrelated to normal skill operation, it can disrupt connectivity, circumvent managed DNS protections, and encourage dangerous administrative actions from untrusted documentation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill sends user-provided product URLs to a third-party API without an explicit user-facing disclosure about external transmission. Even if product URLs seem low sensitivity, they can reveal shopping intent, affiliate parameters, session-linked identifiers, or internal/private links, creating privacy and data-handling concerns.

Missing User Warnings

High
Confidence: 98%
Finding
The documented command performs a privileged, system-level DNS reconfiguration without adequate warning, scope limitation, or safety controls. This can alter global host behavior, interfere with security monitoring and policy enforcement, and expose all subsequent network traffic to an external resolver.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script sends user-supplied product URLs and the Zyte API credential to an external third-party service, but the code and interface shown here do not provide any explicit user-facing disclosure or consent step before that transmission. In an agent skill context, users may paste private or non-public commerce links without realizing they are being forwarded off-platform, creating a meaningful privacy and trust risk even though the transmission is functionally required for the skill.

VirusTotal

65/65 vendors flagged this skill as clean.
