Target Shopping

Security checks across malware telemetry and agentic risk

Overview

The skill is a Target shopping helper with a disclosed anonymous guest-cart feature, and I found no evidence of checkout, payment handling, account access, hidden exfiltration, or destructive behavior.

Install only if you are comfortable with a shopping helper that contacts Target, can create an anonymous guest cart, writes a temporary token-bearing redirect file, caches a short-lived cart token locally, and may open your browser for cart handoff. Treat generated cart links as private share links until they expire; anyone with the link can modify that guest cart, but the inspected artifact does not show account login, checkout, payment, shipping, or hidden data collection behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill documentation indicates capabilities beyond simple read-only browsing, including network access, local file writes, environment use, and shell invocation, yet no permissions are declared. That mismatch weakens user consent and platform enforcement because a caller may reasonably expect a harmless shopping helper while the skill can write files, launch programs, and access network resources.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
The skill presents itself primarily as a Target browsing/search utility, but it also creates and mutates a real server-side guest cart, caches a live bearer token on disk, writes a redirect file containing that token, and attempts to open the user's browser automatically. This is security-relevant behavior because it creates a transferable capability token and performs state-changing actions on an external service without a strongly separated trust boundary from the read-only features.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The code writes a local HTML file and invokes the user's default browser automatically, which is a side effect beyond simple read-only browsing and cart construction. In this skill context, the generated file contains a live 24-hour bearer-token cart handoff URL, so writing it to disk and opening it can expose sensitive cart-write credentials via local files, browser history, process arguments, or other local telemetry without an explicit user confirmation step.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The code persists a live guest bearer token to disk in plaintext JSON, and that token can mutate the associated Target guest cart and be converted into a shareable cart-transfer URL. Although the file permissions are tightened to 0600 after writing, the cache is stored in a temp-directory-derived location by default and there is no user disclosure or stronger secret-handling control, so local users, other processes running as the same account, backups, or accidental reuse can expose the token during its ~24 hour lifetime.

Session Persistence

Medium
Category: Rogue Agent
Content:
**The cart-link feature creates a real server-side guest cart.** It mints
a 24-hour anonymous bearer token against `gsp.target.com` and POSTs TCINs
to `carts.target.com`. Treat the resulting URL like a one-time share link:
it grants ~24h of cart-write access to whoever holds it. No login, payment
info, or shipping address is ever transmitted.

**No checkout, payment, or auth.** Checkout, returns, saved carts, Circle
Confidence: 90%
Finding:
write access to whoever holds it. No login, payment info, or shipping address is ever transmitted. **No checkout, payment, or auth.** Checkout, returns, saved carts, Circle deals tied to an account,

VirusTotal

66/66 vendors flagged this skill as clean.
