Willhaben

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Willhaben listing helper whose sensitive behavior is disclosed and aligned with its purpose, though users should supervise posting and stored preferences.

Install only if you want an agent to operate a signed-in Willhaben browser session. Before allowing it to publish, review the listing text, price, photos, location/contact details, package size, shipping choices, and confirm paid promotion options remain unselected. Also review or delete config/user-preferences.json if you do not want local location and selling preferences kept for reuse.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation description is overly broad: "Use when the user wants to sell something" can match generic selling requests even when the user did not explicitly ask to use Willhaben or to post a live marketplace listing. In this skill’s context, that is risky because the skill performs browser automation with a saved logged-in account and can create real public listings, so over-triggering can lead to unintended marketplace actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill does not prominently warn that browser automation will publish a live listing using an already authenticated account. Because the workflow culminates in clicking "Veröffentlichen" and relies on saved login state, a user may provide item details without realizing this can cause an immediate real-world posting under their identity.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup explicitly persists user location and other preferences to a local JSON file, but the flow shown does not instruct the agent to disclose that this personal data will be stored or obtain explicit consent. In a marketplace context, location data is sensitive enough to create privacy risk if the host environment is shared, compromised, or logs/config files are exposed.

VirusTotal

60/60 vendors flagged this skill as clean.
