Popmart Stock Monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be an unfinished stock-monitoring skill rather than malware, but it needs review because it asks for credentials, webhooks, and recurring monitoring while producing fabricated or unreliable stock results.

Review before installing. Do not add real Taobao/JD credentials, session cookies, proxy credentials, or Feishu webhooks unless you are comfortable with outbound third-party requests and unreliable results. Treat webhook URLs as secrets, avoid committing config files, run only in a constrained environment, and expect the current monitor to require real platform handlers and stock parsing before it can be trusted.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding:
The script presents itself as a working stock monitor, but the core check_specific_product logic only fabricates placeholder results and hardcodes in_stock to False instead of performing real platform checks. In a monitoring skill, this is dangerous because users may rely on false output and miss actual restocks, undermining trust and potentially causing financial or operational loss through missed purchase opportunities.

Intent-Code Divergence

Medium
Confidence: 98%
Finding:
The code claims to check Taobao stock via the official API but never performs any authenticated API call; instead it returns a fabricated default result with in_stock set to false and a generated search URL. This creates integrity risk because downstream automation or notifications may trust invented data, causing missed restocks or incorrect decisions while giving a false impression that official verification occurred.

Intent-Code Divergence

Medium
Confidence: 99%
Finding:
The scraping branch performs an HTTP request but does not actually parse stock status; it unconditionally returns in_stock as true on any 200 response. In a stock-monitoring skill, this is dangerous because it can trigger false alerts or purchases based on nonexistent availability, undermining the trustworthiness of the system's outputs.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill instructs users to configure API keys, secrets, webhook URLs, and SMTP/SMS-style notification integrations, but it does not clearly warn that product data, identifiers, and potentially sensitive configuration values will be transmitted to third-party services. In a skill that monitors external platforms and sends alerts, this omission increases the risk of accidental secret exposure or unintended data sharing with Feishu, e-commerce APIs, proxies, or scraping targets.

Vague Triggers

Medium
Confidence: 89%
Finding:
The suggested prompts are very broad and could cause the skill to activate from loosely related user requests without clear confirmation that monitoring, tracking, or notifications should be initiated. In an agent environment, over-broad trigger phrases can lead to unintended tool use, unwanted external checks, or setup of monitoring behavior beyond the user's actual intent.

VirusTotal

65/65 vendors flagged this skill as clean.
