ClawHub

Dataify Bing Shopping

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Bing Shopping API helper that requires user confirmation before sending a Dataify API request.

Install only if you are comfortable giving the skill a Dataify API token and sending shopping search parameters to Dataify. Review the preview table before confirming live calls, and avoid entering sensitive information as a shopping query.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
def apply_overrides(payload: dict[str, str], args: argparse.Namespace) -> dict[str, str]:
    for key in ["q", "json", "mkt", "cc", "efirst", "filters"]:
        value = getattr(args, key, None)
        if value is not None:
            payload[key] = value
Confidence
50% confidence
Finding
value = getattr(args, key, None)

Tainted flow: 'request' from os.getenv (line 510, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
request = urllib.request.Request(DEFAULT_ENDPOINT, data=data, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            raw = response.read()
            text = raw.decode(response.headers.get_content_charset() or "utf-8", errors="replace")
            return 200 <= response.status < 300, text
Confidence
90% confidence
Finding
with urllib.request.urlopen(request, timeout=timeout) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest description says "Use when a user search Bing Shopping, find product or shopping results," which is a broad natural-language activation condition that overlaps with many ordinary shopping requests. It does not define specific trigger phrases, scope boundaries, or exclusion conditions, so the skill could be invoked in unintended contexts.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The instructions require the parameter table's `说明` column to be displayed in Chinese, regardless of the user's language preference. This imposes a specific language without offering user choice or documenting a justified locale constraint.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
The field descriptions are written entirely in Chinese, including user-facing parameter explanations such as language and output-format guidance. This creates a natural-language locale constraint in the skill interface without any visible opt-in or alternative language option.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
token = token.strip()
    if not token.lower().startswith("bearer "):
        token = f"Bearer {token}"
    os.environ["DATAIFY_API_TOKEN"] = token
    return token
Confidence
80% confidence
Finding
os.environ["DATAIFY_API_TOKEN"]

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal