Freshippo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Freshippo shopping assistant that can browse and prepare a cart but clearly leaves final checkout and payment to the user.

Install only if you want browser-assisted shopping on Freshippo. Before allowing logged-in automation, confirm the exact items, quantities, coupons, delivery slot, address, and final total; complete payment yourself and stop the agent if it reaches a payment or final-submit step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly allows the agent to perform cart modifications and coupon application in a logged-in shopping context, but it does not require an explicit confirmation immediately before those state-changing actions. In an e-commerce skill, that can cause unintended purchases, applied discounts, inventory reservation, or user-account side effects if the agent acts on ambiguous instructions or stale preferences.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The sample trigger phrases are broad enough to match ordinary shopping requests, which can cause the skill to activate in situations where the user did not explicitly intend browser-assisted cart actions. In a commerce skill with login-gated cart operations, over-broad triggering increases the risk of unintended navigation, product selection, or cart modification before the user fully understands the scope of automation.

Natural-Language Policy Violations

Severity: Medium
Confidence: 79%
Finding
The execution guide hardcodes Chinese-language prompts and assumes the interaction will proceed in Chinese without offering a language choice. This is not a direct security flaw, but it can undermine informed consent and user comprehension, especially before login-required or cart-modifying actions, making downstream automation riskier.

VirusTotal

64/64 vendors flagged this skill as clean.