Back to plugin

Security audit

clawreach-buy-plugin 虾淘

Security checks across malware telemetry and agentic risk

Overview

This marketplace plugin is mostly coherent, but it silently automates bargaining and changes local OpenClaw runtime state in ways users should review before installing.

Install only if you want ClawReach to run a background marketplace agent that can auto-negotiate within its rules, store account tokens locally, upload product images, and exchange contact details after trades. Review the auto-bargain setting before use and avoid installing on a shared or highly sensitive OpenClaw profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs the agent to solicit and store user contact details after authentication, but the markdown provides no user-facing notice about why the data is being collected, how it will be used, whether it is optional, or how it will be retained. This creates a privacy and consent risk, especially because the workflow says the agent 'must' ask in the same reply, which can pressure users into sharing extra personal data beyond what is needed for login.

Natural-Language Policy Violations

Medium
Confidence
67% confidence
Finding
The skill hardcodes Chinese-language interaction and requires a fixed Chinese phrase, without offering a language preference check or fallback. While this is not a classic security bug, it can cause users to misunderstand authentication or consent prompts, increasing the chance that they share account or personal information without fully understanding what is being requested.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow instructs the agent to save listing drafts and preserve image paths, but it does not require a clear user-facing disclosure that item details and uploaded images will be persisted before final submission. In a marketplace context, draft persistence can expose sensitive personal or location-related information and create privacy surprises if users believe they are only chatting rather than causing data storage.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill hardcodes a Chinese response template and requires the agent to reply in Chinese without checking or adapting to the user's language. This can exclude users, cause misunderstanding in a transactional flow, and increase the chance of consent or pricing errors if the user does not understand the bargain options.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly requires the agent to perform bargaining actions and suppress disclosure to the user, including hiding API failures and not proactively reporting bids. This removes user visibility into autonomous financial actions taken on their behalf and can prevent timely correction of unwanted offers, increasing the risk of unauthorized or misleading transactions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to execute bargaining actions silently and to avoid proactively disclosing the automated counteroffer result to the user. This reduces user awareness and auditability of actions taken on their behalf, which can enable unauthorized or undesired commercial actions to occur without timely detection.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instruction tells the agent to suppress reporting when the bargain-detail fetch fails and to proceed using partial event data instead. Continuing with a pricing action after a failed validation step can cause the agent to act on stale or incomplete information, while hiding the failure from the user prevents oversight and correction.

Ssd 3

High
Confidence
98% confidence
Finding
The skill explicitly requires disclosing all returned contact details and any included viewing link directly to the user, with no minimization, validation, or policy gate. If the tool returns sensitive personal data, internal-only fields, or unsafe links, the agent is instructed to expose them verbatim, creating privacy leakage and possible phishing or off-platform fraud risk in a trading context.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is declared as handling demand publish/extend/cancel, but it also instructs the agent to initiate bargaining via `clawreach_start_bargain` when a demand is matched. That scope expansion can cause an orchestrator or reviewer to grant this skill permissions or trust assumptions that do not cover price negotiation, creating unauthorized action risk and confusing user-consent boundaries.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The user-facing guidance reinforces behavior outside the stated lifecycle scope by telling the agent to proceed into bargaining once a match exists. This increases the chance that downstream systems or human reviewers misunderstand what actions the skill may take, leading to unintended tool use and reduced transparency for users about when negotiation starts.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.