ClawHub

costco-inventory-monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is an inventory monitor, but it encourages high-frequency Costco checks through residential proxies and can expose proxy credentials in output, so it should be reviewed before installation.

Install only if you are authorized to monitor Costco this way and accept the risk of blocks, terms-of-service issues, proxy costs, and credential handling. Avoid putting real proxy passwords on command lines or in generated output, restrict logs and snapshots, set a conservative polling interval, and review or remove the residential proxy and block-recovery guidance before running the scheduled monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script explicitly supports residential proxy configuration, sticky sessions, rotation, and geographic targeting, which are common anti-block/circumvention capabilities rather than ordinary inventory scheduling features. In the context of a Costco inventory monitor, this increases the likelihood that the generated config will be used to bypass retailer access controls or rate-limiting, creating abuse and policy-risk even though the code itself only emits configuration.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The generated config includes 'akamai_block_recovery' instructions that tell operators to switch to residential proxies after HTTP 403 responses and to use sticky sessions for multi-step checks. That operational guidance directly embeds anti-bot circumvention behavior into the tool, making misuse easier and more intentional in this retail-monitoring context.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document explicitly recommends preserving raw response excerpts, HTTP status details, deny-page body content, and active proxy metadata. In an inventory-monitoring skill, those artifacts can contain session identifiers, IP/proxy details, request fingerprints, or other operationally sensitive data, and the guidance does not include minimization, redaction, retention, or access-control requirements. Because the skill also discusses residential proxies and sticky sessions, retaining detailed network-path metadata increases both privacy and operational-security risk if logs are exposed or mishandled.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The standard explicitly recommends residential proxies, sticky sessions, and rotation strategies to sustain high-frequency scraping against anti-bot controls, but it does not include user-facing warnings or governance constraints about legal, privacy, terms-of-service, or account/IP blocking risks. In the context of an inventory-monitoring skill, this materially increases the likelihood that operators deploy evasive network behavior without understanding the compliance and operational consequences.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
In residential_proxy mode, the script embeds proxy credentials directly into the generated payload as an endpoint URL, and that payload is then printed in JSON or pretty output. This can leak usernames and passwords into terminal history, logs, CI artifacts, or cron job output, which is especially risky given the skill is designed for scheduled execution and explicitly handles secrets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal