SEO Product Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it asks for live store credentials in chat and can make bulk changes to production product listings.

Install only if you trust this skill with your store. Prefer a least-privilege or read-only token for audits, add write permissions only when you are ready to apply fixes, rotate any credentials pasted into chat, and review each preview carefully before approving bulk updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide explicitly instructs users to paste Shopify access tokens and WooCommerce consumer secrets directly into the bot chat, but provides no warning about storage, retention, logging, masking, or least-privilege handling. This creates a real credential-exposure risk because chat systems, agent memory, logs, or downstream integrations may retain secrets, enabling unauthorized store access if compromised.

Missing User Warnings

Medium
Confidence: 92%
Finding
Stating that existing store credentials will be reused automatically implies persistence and later reuse of sensitive credentials, but the document does not explain where they are stored, for how long, who can access them, or how users can revoke them. That lack of transparency increases the risk of unintended long-term secret retention and unauthorized operations against connected stores.

Vague Triggers

Medium
Confidence: 93%
Finding
The skill explicitly allows activation on listed phrases 'or similar', which creates ambiguous invocation boundaries for a capability that can fetch data, generate rewrites, and eventually push changes to a live store. In agent environments, loose matching increases the chance of accidental tool/skill activation from ordinary conversation or from adversarial prompt content embedded in user/store data.

Vague Triggers

Medium
Confidence: 90%
Finding
Phrases like 'check my SEO', 'SEO report', or 'what's wrong with my listings' are broad and can overlap with general discussion, causing unintended activation of a skill that accesses stored credentials and external commerce APIs. Because this skill can enumerate products and prepare modifications, accidental invocation can expose store data or initiate sensitive workflows without sufficiently clear user intent.

Vague Triggers

Medium
Confidence: 96%
Finding
Fix triggers such as 'fix it', 'apply all suggested fixes', and 'fix [product name]' are especially risky because they map to write-capable operations that can update titles, descriptions, tags, image alt text, and metafields. Even though the skill says not to push without confirmation, generic fix phrases increase the chance that conversational text or context carryover is misinterpreted as authorization to modify production data.

VirusTotal

64/64 vendors flagged this skill as clean.