E-commerce Product Interest Analysis (电商商品兴趣度分析)

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent local ecommerce report generator, but its generated HTML can run untrusted script from report data and from a CDN, so users should review it before installing.

Install only if you trust the CSV/JSON data you will analyze and are comfortable with generated reports loading Chart.js from a public CDN. Avoid opening reports made from third-party or untrusted data until the publisher escapes report fields and either bundles Chart.js locally or pins it with integrity controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documentation says all data is processed locally, yet the generated HTML loads Chart.js from a CDN, which causes external network access when the report is opened. This can leak usage metadata and potentially sensitive context through browser requests, while also misleading users about the true data flow.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The generated report loads Chart.js from a public CDN at runtime, which introduces third-party code execution and a network dependency into what appears to be a local report generator. If the CDN content is tampered with, blocked, or swapped via a man-in-the-middle or supply-chain compromise, anyone opening the report may execute untrusted JavaScript in their browser.

Missing User Warnings

Medium
Confidence: 99%
Finding
Multiple fields from the input JSON, such as product_name, suggestions, findings, and diagnostic text, are interpolated directly into HTML and JavaScript contexts without escaping. An attacker who controls input data can inject arbitrary HTML or script into the generated report, causing stored XSS when the analyst or user opens the file locally in a browser.

VirusTotal

65/65 vendors flagged this skill as clean.
