Security audit

Pinduoduo Real-Time Hot-Sales Ranking (拼多多实时热销榜)

Security checks across malware telemetry and agentic risk

Overview

This shopping skill is mostly coherent, but it should go to Review because it uses monetized affiliate purchase links and embedded service credentials without clear enough upfront disclosure.

Install only if you are comfortable with a commerce tool that sends shopping queries and filters through the publisher’s Tencent Cloud proxy and returns Pinduoduo purchase links that may earn affiliate commission. The artifacts do not show malware, destructive actions, or local data harvesting, but the monetization and embedded service credentials should be reviewed by the publisher before broad distribution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly instructs the renderer to present commission-tracked purchase links and states that orders through those links generate commission. This goes beyond neutral product browsing and creates an undisclosed monetization and steering behavior risk, especially if users are not clearly informed that recommendations are affiliate-driven.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The header comments describe the MCP as only generating hot-sales guidance text, but the implementation also injects rendering instructions that promote commission-generating links. This mismatch is dangerous because it conceals the true behavioral scope of the skill from reviewers, integrators, and potentially users.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill is presented as a product browsing/recommendation tool, but the summary explicitly instructs the renderer to use commission-tracked affiliate short links for purchases. This creates a transparency and trust issue because users are not clearly informed that recommendations are monetized and that clicks may generate commissions for the operator.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger examples include broad prompts and context-free follow-ups such as '下一页' ("next page"), which can cause the skill to activate outside the intended user context. In a commerce skill that returns outbound purchase links, accidental invocation can lead to confusing navigation, unwanted affiliate tracking, or unsolicited exposure to shopping content.

Missing User Warnings

Medium
Confidence: 90%
Finding
User-supplied search terms, category filters, and pricing preferences are sent to an external Tencent SCF proxy, but the code provides no user-facing notice or consent mechanism. Even if the data is not highly sensitive by default, transmitting user queries to a third party without transparency creates a privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 76%
Finding
The service accesses sensitive credentials and uses them in outbound requests, but the user-facing interface and documentation do not clearly disclose that external API calls are performed with stored affiliate credentials. In a hosted skill context, this can create transparency and governance risk, especially if operators assume the skill only processes local recommendation data.

Missing User Warnings

Medium
Confidence: 99%
Finding
The code embeds a static proxy authentication token directly in source and sends it on every outbound request. Hardcoded secrets are easily exposed through source distribution, logs, or repository access, enabling unauthorized use of the backend proxy and possible abuse of the associated account or service.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill forwards user-supplied search/filter parameters to an external Tencent SCF endpoint without any visible disclosure to the user. Even if the data appears low sensitivity, outbound transmission of user queries can expose shopping interests or other behavioral data to third-party infrastructure without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.