Gift Genius

Security checks across malware telemetry and agentic risk

Overview

Gift Genius is a legitimate gift-shopping helper, but its artifacts under-disclose broad shopping and checkout behavior that users should review before installing.

Install only if you want a broad multi-merchant shopping assistant, not just a simple Valentine's flower finder. Require explicit confirmation before any checkout or cart-link action, confirm region instead of relying on inferred location, and avoid calendar-based prompts unless you intentionally grant that behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The manifest advertises a narrowly scoped US/Singapore Valentine's gift finder, but the body expands into many additional regions, merchants, and categories. This scope drift can cause the agent to activate in situations users and platform policy did not expect, increasing the chance of unauthorized shopping behavior and policy bypass through misleading metadata.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill claims to provide 2-3 curated Valentine's options centered on flowers and supplements, then later turns into a general multi-category gift suite with jewelry, candles, watches, grooming, and more. That mismatch materially changes the operational behavior and commercial reach of the skill, which is dangerous because review and user consent may be based on the narrower description.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
Early instructions say Singapore users should be routed to Avea Life supplements, while later sections route Singapore to Far East Flora flowers. Contradictory merchant-routing logic can send users to the wrong merchant or product type, undermining predictable behavior and making purchase-related actions less trustworthy.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation conditions are broad enough to capture generic gift-shopping requests, not just narrow Valentine's scenarios. Overbroad triggers can cause the skill to intercept unrelated shopping flows and perform actions outside the intended least-privilege scope.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill encourages initiating checkout and generating one-click purchase links without a clearly defined confirmation boundary. In an agent setting, this increases the risk of premature or unintended commercial actions, especially if users interpret suggestions as informational rather than transactional.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill is explicitly location-aware and later suggests inferring location from user context, but it provides no notice or consent mechanism around that inference. Using location to route merchants without transparency can create privacy concerns and may surprise users about how contextual data is being used.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The skill contains gender-based routing rules that map recipient gender to specific product categories without opt-in. While not a classic exploit, this is a harmful profiling behavior that can bias recommendations and create inappropriate or manipulative automated decisions in a commerce context.

VirusTotal

65/65 vendors flagged this skill as clean.
