Squarespace

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Squarespace commerce connector through Maton, but it can read sensitive store data and change live commerce content.

Install only if you trust Maton to proxy OAuth-backed Squarespace access. Protect MATON_API_KEY, verify the intended connection when more than one store is connected, approve writes only after checking the exact product/order/inventory/customer target and effect, and avoid asking the agent to fetch or display unnecessary customer, address, order, or transaction details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly documents access to customer profiles, orders, and transactions, which can expose PII and payment-related business data, but it provides no privacy, minimization, retention, or redaction guidance. In an agent setting, this omission increases the risk of over-collection, unnecessary disclosure, or unsafe handling of sensitive customer information.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
#### Delete Product

```bash
DELETE /squarespace/v2/commerce/products/{productId}
```

**Response:** 204 No Content on success
Confidence
90% confidence
Finding
DELETE /squarespace/v2/commerce/products/{productId}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
#### Delete Variant

```bash
DELETE /squarespace/v2/commerce/products/{productId}/variants/{variantId}
```

**Response:** 204 No Content on success
Confidence
89% confidence
Finding
DELETE /squarespace/v2/commerce/products/{productId}/variants/{variantId}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
#### Delete Image

```bash
DELETE /squarespace/v2/commerce/products/{productId}/images/{imageId}
```

**Response:** 204 No Content
Confidence
86% confidence
Finding
DELETE /squarespace/v2/commerce/products/{productId}/images/{imageId}

VirusTotal

43/43 vendors flagged this skill as clean.
