E-commerce Data Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform e-commerce CSV analysis, but it ships exposed payment credentials and a payment-enabled debug web app that need review before use.

Review before installing. Treat the SkillPay key as compromised, avoid exposing the Flask server to a network, replace the Flask secret, confirm all SkillPay charges before uploading business data, and delete uploaded CSVs/reports after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 78%
Finding: The skill advertises local CSV analytics but also declares integration with an external payment service, which implies outbound network access without clearly declaring corresponding permissions or trust boundaries. Undeclared network capability increases the risk of hidden data transmission or unexpected external dependencies, especially because users may upload sensitive sales data.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: There is a material mismatch between the stated purpose of a CSV analytics/reporting tool and the documented behavior involving payment validation and additional SkillPay order, verification, or balance operations. Description-behavior mismatch is dangerous because it prevents informed consent, hides privileged capabilities, and may normalize unexpected billing or external API actions not required for core analytics.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: A hardcoded SkillPay API key is a direct credential exposure that can allow unauthorized parties to create charges, query account state, abuse billing features, or impersonate the skill against the payment provider. Because it is embedded in documentation/manifest content, anyone with file access can extract and misuse the secret immediately.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The skill asks users to upload sales data and also integrates a third-party payment service, but it does not clearly warn users about privacy, data sensitivity, retention, or whether any information may be shared with external services. In an e-commerce context, uploaded CSVs can contain commercially sensitive revenue, product, and inventory data, so missing disclosure increases confidentiality and compliance risk.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: A live-looking SkillPay API key is hardcoded directly in source code and then sent to an external service. Hardcoded secrets are easily leaked through repositories, logs, package distribution, or downstream reuse, allowing unauthorized order creation/verification and abuse of the payment account.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding: A live SkillPay API key is hardcoded directly in source code, which exposes the secret to anyone who can read the file, repository, logs, or packaged artifact. An attacker could use the credential to invoke billing APIs, generate payment links, or abuse the associated account, causing financial loss and service compromise.

VirusTotal

65/65 vendors flagged this skill as clean.