amazon-monitor (Amazon product monitoring)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: scrape Amazon product data, compare competitors, and save local monitoring/report files.

Install only if you are comfortable with Amazon scraping, Playwright installing Chromium, and local files being saved in the working directory. Use valid 10-character ASINs, avoid path-like ASIN values, review or delete generated JSON/PNG/TXT files when done, and keep polling frequencies reasonable to avoid Amazon rate limits or CAPTCHA.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'report_file' from input (line 243, user input) → open (file write)

Medium
Category
Data Flow
Content
        # Save the report
        report_file = f"competitor_analysis_{my_asin}.txt"
        with open(report_file, 'w', encoding='utf-8') as f:
            f.write(report)
        print(f"\nReport saved: {report_file}")
Confidence
92% confidence
Finding
with open(report_file, 'w', encoding='utf-8') as f:

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example trigger phrases and usage patterns are broad enough to overlap with normal conversation about Amazon monitoring, competitor analysis, and price tracking. This can cause unintended invocation of the skill and lead to scraping, monitoring task creation, or local file writes when the user may have only been asking a general question, increasing the risk of unauthorized actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description and nearby documentation do not prominently warn users that it creates persistent monitoring artifacts and writes multiple files locally by default. Because the skill supports scheduled monitoring and historical storage, the absence of a clear up-front warning reduces informed consent and can leave users unaware of ongoing background state and retained data.

VirusTotal

66/66 vendors flagged this skill as clean.
