Security audit

Taobao Merchant Ops

Security checks across malware telemetry and agentic risk

Overview

This Taobao merchant automation skill mostly matches its stated purpose, but it under-discloses sensitive merchant-session persistence and plaintext license-server communication.

Review before installing. Use a dedicated Python environment and preferably a dedicated browser/profile or machine, avoid using it on sensitive merchant accounts until you trust the publisher, be aware that license activation sends a card key and machine fingerprint over plain HTTP, and protect or delete saved browser state, reports, logs, and screenshots after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    merged_env = os.environ.copy()
    if env:
        merged_env.update(env)
    result = subprocess.run(
        cmd,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
Confidence
88% confidence
Finding
result = subprocess.run( cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, env=merged_env, cwd=cwd, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documentation instructs users to run local Python scripts that likely use shell, filesystem, environment, and network capabilities, but the skill declares no permissions. This creates a transparency and trust problem: users and platforms cannot accurately assess the operational scope, and the referenced installer/runtime could perform privileged actions without explicit disclosure.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl>=3.1.0
pyyaml>=6.0
playwright>=1.40.0
Confidence
83% confidence
Finding
pyyaml>=6.0

VirusTotal

67/67 vendors flagged this skill as clean.