Filtalgo Shopping

Security checks across malware telemetry and agentic risk

Overview

This is a real Filtalgo shopping skill, but it can change account, address, checkout, cancellation, and refund state with some weak confirmation boundaries.

Install only if you intend to let this skill access your Filtalgo account and perform shopping actions. Review order, checkout, refund, and address changes before allowing the agent to run them, and avoid sharing or displaying full address and phone details unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (88% confidence)
The skill description is broad enough to trigger on many generic shopping, payment, order, and logistics requests, which can cause the agent to invoke a high-privilege commerce workflow without sufficiently narrow user intent matching. In a skill that can place orders, handle payments, manage addresses, and request refunds, overbroad activation increases the chance of unintended tool use and exposure of sensitive account actions.

Missing User Warnings

Medium (91% confidence)
The address commands process sensitive personal data including name, mobile number, and full address details, but the instructions omit a user-facing privacy warning or minimization guidance. In this shopping context, that makes accidental collection, display, or retention of personally identifiable information more likely during address creation, update, and listing operations.

Vague Triggers

Medium (90% confidence)
The default prompt uses broad, natural-language shopping phrasing that can easily match common user intents, increasing the chance this skill is invoked when the user did not explicitly intend to use it. Because this skill can enable purchasing, payments, order management, and refunds, unintended invocation has a meaningful security and safety impact beyond simple nuisance activation.

Missing User Warnings

Medium (95% confidence)
`checkout cancel <id>` performs a state-changing cancellation without requiring an explicit `--confirm`, unlike other destructive commands such as cart clear, address delete, order cancel, and aftersale cancel. In a shopping skill, accidental invocation could cancel in-progress purchases or disrupt user transactions without a clear last-step confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.
