ClawHub

Dataify Walmart Products

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Dataify Walmart task-submission helper that uses an API token and sends selected Walmart collection parameters to Dataify with user-directed workflow steps.

Install only if you intend to use Dataify to create Walmart product collection jobs. Before running it, understand that your Walmart URLs, SKUs, keywords, selected options, and API-authenticated request will be sent to Dataify, and that using a saved DATAIFY_API_TOKEN allows the skill to submit tasks without asking you to re-enter the token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The invocation text is overly broad and can trigger on generic requests about Walmart scraping or collection, causing the skill to activate in contexts where the user did not clearly intend to use Dataify. Because the skill can consume saved credentials and submit outbound jobs, overbroad matching increases the risk of unintended third-party data transmission or task creation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not clearly warn users that their URLs, keywords, SKUs, and authenticated requests will be transmitted to an external Dataify service. This undermines informed consent and can expose business-sensitive inputs or account-linked activity to a third party without clear notice. The risk is elevated because the skill also uses an API token for authenticated submissions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill enables implicit invocation, allowing the agent to trigger this external Walmart data-collection action without an explicit user request scoped to this specific tool. Because the skill description covers broad scraping/collection behaviors and API-token troubleshooting, an LLM may over-trigger it from loosely related prompts, causing unintended third-party requests, data collection, or billing-consuming task submissions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal