Taobao Native CLI

Security checks across malware telemetry and agentic risk

Overview

This looks like a genuine Taobao desktop shopping helper, but it gives an agent broad powers inside a logged-in shopping session without enough confirmation guardrails for destructive or public actions.

Install only if you are comfortable letting the agent operate inside your logged-in Taobao Desktop session. Require explicit approval before deleting cart items, submitting ratings, sending seller messages, installing software, or starting any purchase-related step, and verify the item, seller, price, quantity, and action before approving.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to run general OS/shell commands such as `open -a ...`, to mutate PATH, and to invoke binaries directly by their installation path, none of which belong to the declared shopping workflow. This extends the skill's authority beyond Taobao client actions and normalizes arbitrary local command execution; in a permissive agent environment, following the document as written means letting it run whatever local commands it names.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The documented keyboard automation tools allow arbitrary key presses, key sequences, and long-press behavior, which is broader than shopping-specific interaction requires. Such primitives can be repurposed to trigger unintended actions in other applications or in system dialogs, especially if focus changes or the Taobao client is not the active window when the keys are sent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill provides a concrete workflow for deleting shopping-cart items, including confirming the deletion in the client, without requiring an explicit confirmation checkpoint from the user. Because cart deletion is a destructive account action, omitting that checkpoint increases the chance of accidental or manipulated destructive behavior in an agent-assisted session.
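The overview's recommendation (explicit approval before destructive, public, purchase or install steps, after verifying item, seller, price, quantity and action) and this finding both come down to a confirmation checkpoint the skill does not provide. The following is an added example of such a checkpoint on the agent host side; it is not code from the skill or from SkillSpector, and the tool names (`cart.delete_item` and the rest), argument names and call format are assumptions made for illustration. Each approval is bound to a hash of the exact call parameters and spent on first use, so a call whose quantity or item was changed after the user looked at it, or a replay of an already-approved call, goes back to the user.

```python
"""Approval gate for agent tool calls in a logged-in shopping session.

Added example for this page; not code from the skill or from SkillSpector.
Tool names, argument names and the call format are assumptions.
"""
import hashlib
import json

# Hypothetical tool names, grouped by the harm an unconfirmed call can do.
GATED_TOOLS = {
    "cart.delete_item": "destructive",
    "cart.clear": "destructive",
    "order.submit_rating": "public",
    "seller.send_message": "public",
    "order.create": "purchase",
    "order.pay": "purchase",
    "system.install": "system",
    "shell.run": "system",
}

# Parameters the user must see before approving; they are also what the
# approval is bound to, so changing any of them invalidates the approval.
REVIEW_FIELDS = {
    "cart.delete_item": ("item_id", "seller", "price", "quantity"),
    "cart.clear": (),
    "order.create": ("item_id", "seller", "price", "quantity"),
    "order.pay": ("order_id", "total"),
    "order.submit_rating": ("order_id", "rating", "text"),
    "seller.send_message": ("seller", "text"),
    "system.install": ("package", "source"),
    "shell.run": ("command",),
}


def fingerprint(tool, args):
    """Hash of the exact tool name and arguments (key order does not matter)."""
    canonical = json.dumps({"tool": tool, "args": args},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ApprovalLedger:
    """One-shot approvals keyed by fingerprint; each is spent on first use,
    so an approved call cannot be replayed."""

    def __init__(self):
        self._pending = set()

    def grant(self, tool, args):
        self._pending.add(fingerprint(tool, args))

    def spend(self, tool, args):
        fp = fingerprint(tool, args)
        if fp not in self._pending:
            return False
        self._pending.discard(fp)
        return True


def review_summary(tool, args):
    """The fields the user is shown, in a fixed order."""
    fields = REVIEW_FIELDS.get(tool) or tuple(sorted(args))
    return ", ".join(f"{k}={args[k]!r}" for k in fields)


def authorize(call, ledger):
    """Decide a tool call: returns (decision, reason) with decision one of
    'allow', 'deny' or 'needs_approval'."""
    tool = call["tool"]
    args = call.get("args", {})
    if tool not in GATED_TOOLS:
        return "allow", "read-only or in-scope shopping action"
    kind = GATED_TOOLS[tool]
    missing = [f for f in REVIEW_FIELDS.get(tool, ()) if f not in args]
    if missing:
        # Nothing to show the user means nothing they can verify: refuse.
        return "deny", f"{kind} action cannot be reviewed, missing {missing}"
    if ledger.spend(tool, args):
        return "allow", f"approved {kind} action: {review_summary(tool, args)}"
    return "needs_approval", f"{kind} action needs explicit approval: {review_summary(tool, args)}"


if __name__ == "__main__":
    ledger = ApprovalLedger()
    delete = {"tool": "cart.delete_item",
              "args": {"item_id": "item-123", "seller": "demo-shop",
                       "price": "59.00", "quantity": 1}}
    print(authorize(delete, ledger))              # needs_approval, shows the fields
    ledger.grant(delete["tool"], delete["args"])  # user approved exactly this call
    tampered = {"tool": "cart.delete_item", "args": dict(delete["args"], quantity=3)}
    print(authorize(tampered, ledger))            # needs_approval: quantity changed
    print(authorize(delete, ledger))              # allow
    print(authorize(delete, ledger))              # needs_approval: approval already spent
```

The gate refuses outright when a gated call arrives without the fields the user would need to verify, since an approval prompt that cannot show item, seller, price and quantity is exactly the kind of checkpoint the finding says is missing.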

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The document explicitly instructs the agent to download a Windows installer and run it silently with `Start-Process ... '/S'`, which changes the system with no in-flow confirmation or warning to the user at the point of execution. In an agent skill this is dangerous because it normalizes unattended software installation and process polling, raising the risk of unwanted software deployment, privilege misuse, or social-engineering-driven installation if the download source or the surrounding context is abused.
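The three capability findings above (shell commands such as `open -a` and PATH mutation, unrestricted key-press primitives, and a silent `Start-Process ... '/S'` install) are all things a reviewer can scan a skill document for before installing it. Below is an added example of such a pre-install scan; it is not SkillSpector's detection logic and not part of the skill. The regular expressions are this example's own heuristics, and the sample skill text, its application name, paths and keyboard tool names (`press_key`, `key_sequence`, `long_press`) are constructed. It also applies the cart-deletion finding's check: a step that deletes from the cart with no phrase anywhere in the document that hands the decision back to the user.

```python
"""Pre-install scan of an agent skill document for out-of-scope capabilities.

Added example for this page; the regexes are this example's own heuristics,
not SkillSpector's detection logic, and the sample skill text is constructed.
"""
import re

# (finding title as used in the report above, pattern, note)
RULES = [
    ("Context-Inappropriate Capability", re.compile(r"\bopen\s+-a\b"),
     "launches an arbitrary macOS application via `open -a`"),
    ("Context-Inappropriate Capability",
     re.compile(r"export\s+PATH=|\$env:PATH\s*=|setx\s+PATH\b"),
     "mutates PATH"),
    ("Context-Inappropriate Capability",
     re.compile(r"(?:^|(?<=\s))(?:/usr/local/bin/|/opt/|/Applications/|[A-Za-z]:\\Program Files\\)\S+"),
     "invokes an installation-path binary directly"),
    ("Context-Inappropriate Capability",
     # hypothetical keyboard tool names; adjust to the skill's real tool list
     re.compile(r"\b(?:press_key|key_sequence|long_press)\s*\("),
     "exposes arbitrary key-press / key-sequence / long-press primitives"),
    ("Missing User Warnings",
     re.compile(r"Start-Process\b.*(?:\s|['\"])/S\b"),
     "silent Windows installer (`/S`) with no confirmation at the point of execution"),
    ("Supply Chain",
     re.compile(r"\b(?:curl|wget|Invoke-WebRequest|iwr)\b.*\|\s*(?:sh|bash|iex|Invoke-Expression)\b", re.I),
     "fetches a remote script and pipes it straight into a shell"),
]

# A step that deletes from the cart, and the phrases that hand the decision
# back to the user; deletion without any such phrase anywhere is a finding.
DESTRUCTIVE_STEP = re.compile(
    r"\b(?:delete|remove|clear)\b.*\bcart\b|\bcart\b.*\b(?:delete|remove|clear)\b", re.I)
CHECKPOINT = re.compile(
    r"\b(?:ask|confirm with|wait for|get approval from)\b.*\b(?:user|operator|human)\b", re.I)


def scan_skill(text):
    """Return a list of {line, title, note} findings for a skill document."""
    findings = []
    destructive_lines = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for title, pattern, note in RULES:
            if pattern.search(line):
                findings.append({"line": lineno, "title": title, "note": note})
        if DESTRUCTIVE_STEP.search(line):
            destructive_lines.append(lineno)
    if destructive_lines and not CHECKPOINT.search(text):
        findings.append({
            "line": destructive_lines[0],
            "title": "Missing User Warnings",
            "note": "cart-deletion workflow with no user-confirmation checkpoint anywhere in the document",
        })
    return findings


# Constructed sample skill text: the app name, paths and tool names are made up.
SAMPLE_SKILL = """\
# Shopping helper skill (constructed sample for this example, not the real skill)
1. Launch the client: open -a Taobao
   Fallback: run /Applications/Taobao.app/Contents/MacOS/Taobao --cli
2. If the CLI is missing: export PATH="$HOME/.taobao/bin:$PATH"
3. Windows install: Invoke-WebRequest -Uri https://example.invalid/setup.exe -OutFile setup.exe
   Start-Process .\\setup.exe -ArgumentList '/S' -Wait
4. To remove an item from the cart: press_key("Tab"), key_sequence(["Enter"]), then click Delete and confirm deletion
5. To search: type the query and press Enter
"""


if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"line {f['line']:>2}  {f['title']}: {f['note']}")
```

A scan like this is a triage aid, not a verdict: the download-and-install step is flagged because of the `/S` switch, not because the download source is known to be bad, and a skill that phrases the same instructions differently will slip past the patterns. What it does give the reviewer is the list of lines to read before deciding whether the agent should have those capabilities at all.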

VirusTotal

64/64 vendors flagged this skill as clean.
