eShop

Security checks across malware telemetry and agentic risk

Overview

This shopping skill mostly matches its purpose, but it gives the assistant broad authority to use shopping tokens, saved addresses, and order tools with too little confirmation in the Luogang flow.

Install only if you trust the Luogang and McDonald's MCP services. Before letting it buy, cancel, claim coupons, or show addresses, require the assistant to confirm the platform, item, quantity, total price, selected address, coupon or points use, and order ID.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger scope is very broad, allowing activation whenever a user shows general shopping intent or mentions related brand terms. In an agent ecosystem, this can cause unintended skill invocation, leading the assistant to route user requests to an external commerce backend unnecessarily and potentially process shopping, account, or order actions in the wrong context.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Example phrases like '买鞋子' ("buy shoes") or '有没有外套' ("do you have any jackets?") are common everyday utterances and can overlap with many unrelated shopping skills. Over-broad invocation increases the chance of accidental activation and data transfer to this platform, which is especially concerning because the skill also supports authenticated order and address operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to create orders using the default shipping address without asking the user. This is dangerous because it can trigger purchases tied to stored personal data and send goods to an address the user did not intend, creating both unauthorized transaction risk and privacy exposure of recipient details.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The address retrieval flow lacks a privacy notice or minimization guidance before fetching and displaying saved delivery addresses. Because addresses contain sensitive personal information, an assistant that automatically retrieves and echoes them can expose home addresses, names, and phone numbers to the conversation surface without clear user awareness.

External Transmission

Medium
Category
Data Exfiltration
Content
## API Call Pattern

All tools are invoked via curl to the MCP endpoint:

```bash
curl -s -X POST "${MCD_MCP_URL:-https://mcp.mcd.cn}" \
  -H "Authorization: Bearer ${MCD_TOKEN}" \
  -H "Content-Type: application/json" \
  -d
```
Confidence
93% confidence
Finding
The flagged pattern is the curl call quoted above: every tool invocation transmits the bearer token `${MCD_TOKEN}` to the external MCP endpoint `${MCD_MCP_URL:-https://mcp.mcd.cn}`.

VirusTotal

65/65 vendors flagged this skill as clean.
