ClawHub

Preisrunter Grocery Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward grocery price lookup skill that sends product searches to the Preisrunter API, with no evidence of hidden persistence, credential access, or destructive behavior.

Install only if you are comfortable sending grocery searches, region choices, and shop filters to api.preisrunter.net. Avoid putting personal or sensitive information into search terms, and make sure query parameters are URL-encoded before running curl commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

External Transmission

Medium
Category
Data Exfiltration
Content
Use the wrapper endpoint:

- Base endpoint: `https://api.preisrunter.net/wrapper/openclaw-v1/products/`

## Query parameters
Confidence
81% confidence
Finding
https://api.preisrunter.net/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic search
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=butter" | jq

# Region selection
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=butter&region=de" | jq
Confidence
79% confidence
Finding
https://api.preisrunter.net/

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=butter" | jq

# Region selection
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=butter&region=de" | jq

# Only sale items
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=bier&onlySale=true" | jq
Confidence
79% confidence
Finding
https://api.preisrunter.net/

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=butter&region=de" | jq

# Only sale items
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=bier&onlySale=true" | jq

# Shop filter (with spaces)
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=milch&region=at&shops=billa,spar" | jq
Confidence
79% confidence
Finding
https://api.preisrunter.net/

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=bier&onlySale=true" | jq

# Shop filter (with spaces)
curl -s "https://api.preisrunter.net/wrapper/openclaw-v1/products?q=milch&region=at&shops=billa,spar" | jq
```

## Notes
Confidence
80% confidence
Finding
https://api.preisrunter.net/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal