Cashback

Security checks across malware telemetry and agentic risk

Overview

This cashback skill is mostly purpose-aligned, but it needs review because its scripts can send unsupported merchant links or queries, plus order-related data, to an external affiliate API.

Review before installing. Use it only if you trust the feima-lab/fenxianglife backend and the separate fx-base dependency, keep FX_AI_API_KEY private, and avoid sending unsupported merchant links or sensitive shopping/order information unless you are comfortable with that data going to the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The script’s help text and accepted input imply support for arbitrary overseas merchant links, while the skill metadata says only three merchants are supported. In a cashback/affiliate context, this scope mismatch is dangerous because it can cause users or upstream agents to route unsupported merchant URLs to the backend, leading to unauthorized use of affiliate conversion services, policy bypass, and possible leakage of shopping intent or links to third-party infrastructure beyond the declared scope.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The help/documentation explicitly advertises Amazon, Nike, and iHerb examples, contradicting the skill’s declared restriction to three merchants. Even if the backend later rejects some requests, this misleading guidance encourages misuse and increases the chance that agents or users will process unsupported merchants, undermining policy boundaries and sending unnecessary user-supplied URLs to the remote API.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The script accepts any `--store` value and forwards it to the backend, while the skill manifest says only Adidas, Space NK NL, and designwebstore DE are supported. This creates a scope-integrity problem: the agent can be induced to operate outside its declared merchant boundary, potentially causing unauthorized API use, misleading users, or enabling data flows for unsupported merchants.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The inline description and help output advertise generic overseas merchant search and include unsupported examples such as iHerb, Nike, and Amazon, directly contradicting the declared skill scope. This is dangerous because it encourages operators or higher-level agents to invoke the tool on out-of-scope merchants, increasing the chance of policy bypass, user deception, and unintended external data submission.

Vague Triggers

Medium
Confidence: 85%
Finding
The skill advertises activation on raw product links or broad merchant-name queries without clearly constraining when it should engage, which can cause unintended invocation on ordinary shopping conversations. In this context, accidental activation matters because the skill can transform links and query cashback/order data through external affiliate services, potentially causing unintentional data disclosure or user confusion.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explains API-key setup and cashback features but does not disclose that user-submitted shopping URLs and personal cashback order information may be transmitted to external platforms such as feima-lab/affiliate backends. Because the skill handles order history and affiliate link generation, the missing privacy/transmission notice can lead users to expose account-related or behavioral commerce data without informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.
