ClawHub

Walter Competitor

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Amazon competitor-analysis skill, but one script builds and runs shell commands from user-provided inputs, which creates local command-execution risk.

Review before installing. Use it only with trusted keywords/ASINs until the mcporter wrapper is changed to avoid `shell=True` and validate inputs. Expect your product, keyword, ASIN, traffic, and review-analysis queries to be sent to SellerSprite under the configured account; use a dedicated, limited SellerSprite key where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_mcporter(command: str) -> Dict[str, Any]:
    """执行 mcporter 命令并返回解析后的 JSON"""
    try:
        result = subprocess.run(
            command,
            shell=True,
            capture_output=True,
Confidence
99% confidence
Finding
result = subprocess.run( command, shell=True, capture_output=True, encoding='utf-8', errors='replace', timeout=30

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior understates the breadth of data access and operational capability, especially external service usage, broader market intelligence collection, and possible command execution. This is dangerous because users and reviewers cannot accurately assess what data is fetched, what third-party systems are contacted, or whether the skill exceeds the expected scope of competitor analysis.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill automatically retrieves competitor intelligence and analyzes third-party product and review data without clearly warning the user in the description. That omission is risky because it reduces informed consent, obscures external data collection behavior, and can create legal, compliance, or trust issues depending on how review and competitor data are sourced and processed.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The code hard-codes `self.marketplace = "US"` and then uses it in competitor discovery without any user choice, validation, or documentation. In a skill that performs automated competitor intelligence and generates market-specific attack recommendations, forcing the wrong marketplace can silently produce misleading analysis, wrong targets, and inappropriate budget decisions for users operating in other regions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal