Ecommerce Reviews

Security checks across malware telemetry and agentic risk

Overview

This skill appears to extract visible e-commerce reviews as advertised, with a minor disclosed local-note feature users should understand.

Install only if you are comfortable with a skill that reads visible review content from pages you open and may keep a small local notes file about unusual scraping issues in the working directory. Do not use it on pages where collecting reviews would violate site terms, privacy expectations, or your organization’s rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs reading from and appending to a persistent local memory file unrelated to the core task of extracting reviews from the current page. Unnecessary persistent state can leak prior browsing targets, accumulate sensitive operational notes, and create an unreviewed side channel for data retention across sessions.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The documentation says the skill only reads data visible to the user, but it also directs the agent to write execution notes to disk. This mismatch is dangerous because it hides state-changing behavior from users and reviewers, undermining informed consent and making it easier for seemingly read-only skills to persist data unexpectedly.

Missing User Warnings

Medium
Confidence: 90%
Finding
Writing to a persistent memory file without a user-facing warning causes undisclosed local state modification. This is risky because users may reasonably expect a scraping skill to be read-only, while the hidden write behavior can retain historical browsing or operational details beyond the immediate task.

VirusTotal

64/64 vendors flagged this skill as clean.
