Multi-platform E-commerce Product Data Analysis Assistant (电商多平台商品数据分析助手)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: fetches ecommerce product information, compares prices, and writes a local HTML report, with no evidence of hidden exfiltration or persistence.

Install only if you are comfortable with the skill fetching product pages and searches externally. Expect it to leave product-analysis data and a report in /tmp, and avoid opening reports generated from suspicious product links because third-party page text is inserted into the HTML report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium, Confidence: 83%

Finding: The trigger list contains broad natural phrases like '帮我看看这个商品' (help me look at this product), '分析这个链接' (analyze this link), and '这个值不值' (is this worth it), which can cause unintended invocation in ordinary conversation. Accidental triggering can lead to unanticipated network access, external searches, and local file creation using user-supplied links without clear intent confirmation.

Missing User Warnings

Severity: Medium, Confidence: 89%

Finding: The skill writes structured data to /tmp/ecommerce_data.json and generates /tmp/ecommerce_report.html, but this local file output is not surfaced prominently in the user-facing behavior summary. Undisclosed file creation can surprise users, leak sensitive browsing or product-interest data to shared environments, and leave residual artifacts on disk.

Missing User Warnings

Severity: Medium, Confidence: 91%

Finding: The skill processes arbitrary user-provided ecommerce links and performs WebFetch/WebSearch requests to external platforms, but this side effect is not clearly highlighted as a consent-relevant action. This is risky because it can expose user interests, cause requests to third-party services, and potentially follow shortened or redirected links to unexpected destinations.

VirusTotal

65/65 vendors flagged this skill as clean.