ClawHub

JD Price Protection 京东自动价保

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it controls a local Chrome session to submit JD.com price-protection claims, with no evidence of hidden data theft or unrelated behavior.

Install or run this only if you intentionally want it to control a Chrome session logged into JD.com and submit price-protection applications for all eligible orders it sees. Be careful with cron scheduling because it can repeat account actions without prompting; review the JSON output periodically and keep a clear way to disable the job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documentation states it derives a relay token from gateway configuration or reads a GATEWAY_TOKEN environment variable, but the skill metadata does not declare any permission for environment or secret access. This creates hidden capability and weakens user review because the skill can access authentication material that enables browser/CDP control over the user's logged-in JD session.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script reads a sensitive OpenClaw gateway token from the user's local config or environment and uses it to authenticate to a browser relay. Even though it does not exfiltrate the token directly, silently consuming local credentials expands the skill's privilege boundary and can enable unauthorized browser control if the skill is run without the user fully understanding that behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script accesses a gateway authentication token from environment variables or local configuration without any user-facing notice or consent flow. This is dangerous because the skill performs privileged actions using ambient credentials, which can surprise users and normalize secret use by untrusted automation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code automatically clicks every exact-match '申请价保' button it finds, which submits account-affecting requests on the user's behalf without confirmation per action. In this skill context, the whole purpose is mass submission against a live e-commerce account, so unintended clicks, UI changes, or page spoofing could trigger unwanted transactions or requests at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script connects to a local CDP relay using an authentication token and then drives an existing browser context, but it does not clearly disclose that it is taking remote-control access to the user's browser session. This is more dangerous in context because the connected browser may already be logged into shopping, email, or other sensitive services, so browser automation can act with the full privileges of the live session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal