Taobao Keyword Search

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a Taobao product-scraping helper, but it includes risky bulk-scraping and stealth-browser guidance that users should review before installing.

Install only if you intentionally want a Taobao/Tmall scraping automation skill and are comfortable using it from a logged-in browser. Avoid the stealth multi-session batch mode unless you have clear authorization and understand Taobao/Tmall policy, rate-limit, and account-enforcement risks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly advises spacing requests and opening multiple stealth browser sessions to increase throughput while avoiding anti-scraping restrictions. That materially shifts the skill from ordinary user-assisted browsing into guidance for evading platform defenses, which can facilitate account enforcement, IP blocking, or abusive large-scale scraping.

Description-Behavior Mismatch

Low
Confidence: 82%
Finding
The documented boundary claims the skill only reads data already visible in the browser, but the skill also instructs reading and conditionally writing a persistent local memory file about prior runs. This creates a scope mismatch that can surprise operators and introduces persistence beyond the stated data-access model.

Intent-Code Divergence

Low
Confidence: 84%
Finding
The skill says it only reads page-displayed data, yet later directs the agent to append execution notes to a local memory file. Even if the notes exclude keywords and results, this still contradicts the stated boundary and enables undisclosed persistent state that may influence future behavior.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The script advertises keyword, page, sort, tab, and price controls through its CLI, but none of those values are used to construct or constrain the actual search behavior. In an agent setting, this can mislead upstream components into believing user-specified filters were enforced when the code simply emits a generic scraping payload for whatever page is already open, causing data integrity and authorization-boundary issues.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest presents this skill as performing Taobao/Tmall keyword search, but the code never initiates a search and instead scrapes product cards from an already-loaded browser page. In an agent workflow, that mismatch is dangerous because the skill may exfiltrate or misreport data from an unintended page context, while callers assume the output is scoped to the requested keyword and marketplace query.

Vague Triggers

Medium
Confidence: 76%
Finding
The invocation text is broad enough to match general shopping, research, monitoring, and collection requests, increasing the chance the skill is triggered outside a narrowly intended use case. Overbroad routing can cause unintended scraping behavior, especially since the skill includes batch collection and operational guidance for scaling searches.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill recommends batch scraping and multi-session browser use but omits clear warnings about anti-scraping detection, account action, session invalidation, or terms-of-service violations. In context, this makes risky automation easier to deploy without informed consent from the operator or user.

VirusTotal

64/64 vendors flagged this skill as clean.
