ClawHub

Shopping Product Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed product-search skill that runs a shell script to query Channel3 for shopping results, with no evidence of hidden persistence, destructive actions, or unrelated data access.

Install this only if you are comfortable sharing shopping queries and any image URLs with Channel3. Use a dedicated Channel3 API key, monitor any credit or billing usage, and avoid including sensitive personal information in searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute a shell script but does not declare corresponding permissions, creating a capability/permission mismatch. This can undermine user and platform expectations about what the skill is allowed to do, and in this context the script sends user queries and image URLs to a third-party API, so undeclared shell/network use increases privacy and execution risk.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger text is broad enough to match many general shopping or recommendation requests, which may cause the skill to activate more often than necessary. In this skill, unnecessary invocation is more concerning because activation can lead to external API calls that transmit user queries or image URLs to a third party and may bias responses toward affiliate-linked purchase flows.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description is written broadly enough to match many ordinary shopping-related prompts, which can cause the skill to be invoked more often than necessary. Because this skill has both shell and network permissions and executes a bundled script against external services, overbroad triggering increases the chance that user requests are routed into a higher-risk execution path without clear user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal