Supermarket Deals (DE)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed supermarket-deal lookup tool with manageable privacy and local-cache considerations, not evidence of malicious behavior.

Install only if you are comfortable sending product searches and a ZIP code to Marktguru and with the tool caching Marktguru keys and preferences in ~/.supermarket-deals. Remove that directory when you stop using the skill, and avoid running npm setup as an administrator.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill explicitly performs network access to Marktguru APIs and homepage key retrieval, yet no permissions are declared. Hidden or undeclared network capability reduces transparency for users and platforms, making it harder to assess data exposure, external dependencies, and whether runtime behavior matches expectations. In this context the network use appears central to the advertised functionality, so the issue is more likely an omission than malicious concealment.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding
The skill description says no API key is needed, but the code deliberately scrapes Marktguru's homepage to extract apiKey and clientKey values and then uses them for authenticated requests. This is a true security and trust issue because it bypasses normal credential expectations, conceals credential use from users, and relies on harvesting third-party keys that may be restricted or rotated.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The code stores harvested third-party API credentials in a predictable file under the user's home directory. Even though these are not the user's own secrets, persisting them locally increases the chance of unintended reuse, leakage to other local processes, or confusion about what data the tool is storing.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill writes API/client keys to disk without any user-facing notice or consent mechanism in this file. Silent persistence of credentials, especially ones harvested from a third party, is risky because it hides sensitive behavior from users and creates local artifacts that may be accessible beyond the immediate execution context.

VirusTotal

66/66 vendors flagged this skill as clean.
