ClawHub

Amazon Shopper

Security checks across malware telemetry and agentic risk

Overview

This Amazon automation skill is coherent in purpose, but it asks the agent to handle credentials and complete purchases or returns without enough user approval.

Review carefully before installing. Use only with manual Amazon login, do not let the agent access a password manager, prefer a dedicated browser profile, and require explicit final confirmation before any purchase or return is submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to execute Amazon returns silently and only notify the user after the return is confirmed. Returns are consequential account actions that can trigger refunds, inventory/account flags, and irreversible workflow changes, so suppressing upfront notice removes an important user-consent checkpoint. In this e-commerce context, the danger is elevated because the agent is operating a real logged-in retail account with stored payment, order, and return capabilities.

Missing User Warnings

High
Confidence
98% confidence
Finding
The reorder flow authorizes placing an order without confirmation, meaning the agent can complete a real purchase on a logged-in Amazon account without a final user approval step. This is highly risky because it can immediately spend money, ship to the wrong address, or purchase the wrong item based on ambiguous order-history matches; the Amazon purchasing context makes the impact more severe than a generic automation flow.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal