Back to skill

Security audit

Designkit Ecommerce Studio

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote image-processing helper that uploads only user-provided images to Designkit/OpenClaw for the requested edits.

Install only if you are comfortable giving the skill a Designkit/OpenClaw API key and sending the image URLs, local image files you provide, and ecommerce listing details to Designkit/OpenClaw for processing. Avoid sensitive personal images unless remote processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The manifest requests shell access for a skill described as performing ecommerce image editing tasks, but the manifest provides no clear operational need for arbitrary command execution. Shell capability materially expands the attack surface because any prompt-injection, compromised workflow, or unsafe downstream instruction could turn this permission into filesystem access, tool abuse, credential exposure, or execution of system commands unrelated to image processing.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The routing rule requires collecting platform, market, and language in a fixed sequence for the ecommerce workflow, even though the skill elsewhere says to use sensible defaults for missing config. This can lead to unnecessary collection of user/business metadata and weakens data minimization, especially when language or market may not be needed to complete the requested task.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow description explicitly instructs execution of a shell script and references multiple external API calls, but the command metadata provides no user-facing warning, consent step, or clear disclosure that image/content data will be transmitted to remote services. In an agent context, this can cause silent execution of networked actions and data exfiltration of user-provided images or prompts, especially because the workflow is triggerable by common ecommerce phrases.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.