库存慧眼 / Inventory Eye

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local inventory tool, but it can persistently change business inventory records from broad natural-language prompts without a clear confirmation step.

Install only if you are comfortable with a local tool that stores inventory, prices, and transaction history on disk. Before using it operationally, require explicit confirmation for every import, inbound, outbound, update, or delete action, and keep backups of the IE_DATA_DIR inventory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence: 83%
Finding
The import workflow is triggered by phrases like '导入库存表' or '类似意图', which leaves the activation boundary ambiguous. Overbroad triggering can cause the agent to initiate file-handling flows when the user is only discussing imports conceptually, increasing the risk of unintended file access or execution of import commands.

Vague Triggers

Medium
Confidence: 80%
Finding
The inventory monitoring flow also uses vague trigger language, so ordinary discussion about stock status may be treated as authorization to run monitoring commands. While read-only actions are less severe than writes, they can still expose local business-sensitive inventory data without clear user intent.

Vague Triggers

Medium
Confidence: 82%
Finding
The replenishment workflow can be triggered by broad, informal wording without clear boundaries. This may cause the agent to run recommendation or calculation commands based on ambiguous conversational context, potentially revealing commercially sensitive purchasing and stock planning data.

Vague Triggers

Medium
Confidence: 79%
Finding
The slow-moving inventory analysis is activated by vague phrases that could overlap with ordinary business discussion. Because the feature produces potentially sensitive performance and capital-occupancy insights, accidental triggering can disclose internal sales weakness and inventory inefficiency information.

Vague Triggers

High
Confidence: 94%
Finding
The inbound/outbound workflow is triggered by very broad natural-language phrases like '卖了XX' or '到货了', which can misclassify casual narration as an instruction to mutate inventory. Because these actions write persistent state, an accidental trigger can corrupt stock records, causing operational and financial errors.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes inbound/outbound commands that modify inventory data but does not clearly warn the user that these are persistent writes. Users may believe they are previewing or asking hypothetically, when in fact the operation changes stored records, creating integrity and auditability risks.

Vague Triggers

Medium
Confidence: 92%
Finding
The phrase “库存状况怎么样?” is a broad, natural-language query that could easily appear in ordinary conversation, increasing the chance the skill activates when the user did not explicitly intend to invoke it. In a skill that reads and summarizes local business inventory data, unintended activation can expose sensitive operational details such as stock levels, shortages, and expiring goods.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger “哪些商品该补货了?” is also a generic conversational question, so the skill may be invoked accidentally during normal discussion about purchasing or planning. Because the resulting action reveals internal replenishment needs and potentially sales-derived business intelligence, accidental invocation can leak commercially sensitive information.

Missing User Warnings

Low
Confidence: 80%
Finding
The README notes elsewhere that data is stored locally, but the import workflow does not clearly warn users at the point of use that importing inventory files persists potentially sensitive business data to disk. This is primarily a transparency and privacy-risk issue: users may assume the operation is ephemeral and unknowingly leave inventory records, pricing, and expiry data stored on the device.

VirusTotal

65/65 vendors flagged this skill as clean.
