EcomSeer

Security checks across malware telemetry and agentic risk

Overview

The skill matches its e-commerce analytics purpose, but it handles API keys and hosted research reports in ways users should review carefully before installing.

Install only if you trust EcomSeer with your API key, research prompts, and generated reports. Prefer a dedicated or limited API key, avoid submitting confidential business strategy to Deep Research, and ask the publisher how report links are protected or deleted and why the Deep Research bearer token is embedded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to take an API key pasted in chat and persist it into configuration automatically. This creates credential-handling risk because secrets are being collected through normal conversation and stored without explicit consent, a storage notice, or a scope limitation, increasing the chance of unintended retention or later misuse.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The deep research workflow sends the user's EcomSeer API key to a separate service, deepresearch.ecomseer.com, rather than keeping the credential scoped to the primary API origin. Forwarding a user secret to a secondary backend materially increases exposure and trust boundaries, especially because the user is not clearly warned or asked to consent to this credential sharing.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README states that Deep Research is automatically triggered for any query requiring 2+ API calls or cross-entity reasoning, which is a broad heuristic that can activate expensive or more data-intensive workflows without clear user consent. In a skill that analyzes shops, influencers, videos, and ads, this can lead to unintended collection, processing, or external hosting of larger-than-expected result sets from ordinary prompts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises that generated reports are hosted and shareable via link but does not warn users that prompt contents, derived analysis, or underlying business intelligence may be exposed to third-party hosting or anyone possessing the link. In an e-commerce intelligence context, queries may include competitive strategy, shop comparisons, or sensitive commercial research, making silent external publication a meaningful privacy and confidentiality risk.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The README states that 'deep research' is automatically triggered for broad categories of requests, including any query needing more than two API calls or cross-entity reasoning. That can cause users' prompts and related data to be escalated to a more invasive server-side AI workflow without clear consent, increasing privacy, cost, and unexpected data-processing risk beyond a normal query path.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document says complex queries are handled by a server-side AI research system and that reports are hosted online and shareable, but it does not warn users that their queries, derived analytics, or possibly business-sensitive data may leave the local assistant context and be stored remotely. In an e-commerce intelligence skill, prompts may contain confidential product, shop, influencer, or market strategy information, so undisclosed remote processing and hosting materially increase confidentiality and retention risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions tell the agent to store a user-pasted API key in configuration with no user-facing warning that the secret will be retained. Silent persistence of credentials violates least surprise and can lead to long-lived secret exposure if logs, config stores, or later workflows are compromised.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill directs the agent to send the user's API key to a secondary service without clearly informing the user that their credential will leave the primary API context. This expands the trust boundary and creates significant credential exfiltration risk if the secondary service is compromised, logs requests, or is operated under different controls.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly states that influencer detail data includes a contact object and that a search filter can target creators with exposed contact information, yet it provides no privacy, consent, or permissible-use guidance. In an e-commerce intelligence skill focused on influencer discovery, this materially increases the likelihood of scraping, profiling, or mass outreach using personal/business contact details.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The search API allows filtering for influencers who publicly expose contact information, which enables targeted enumeration of reachable creators at scale. Even if the source data is nominally public, packaging this into a search primitive without privacy warnings or anti-abuse guidance lowers the barrier for spam, harassment, and bulk lead harvesting.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly encourages users to paste an API key into chat and then persists it for future use. Chat is not an appropriate secure entry channel for secrets, and combining conversational collection with automatic storage creates avoidable credential leakage and retention risks.

VirusTotal

66/66 vendors flagged this skill as clean.
