
Security audit

myskill

Security checks across malware telemetry and agentic risk

Overview

The skill's stated purpose (Shopify sales and stock alerts) is plausible, but it combines sensitive store access, outbound notifications, and scheduled automation, and its documentation is inconsistent about whether it creates a persistent job at all.

Review before installing. Give the skill a read-only, least-privilege Shopify API key (read_* scopes only, no write_* scopes), approve an exact list of email or Telegram recipients rather than letting the skill choose them, and do not allow any cron or scheduled job unless the skill states the schedule, the data each run sends, and the steps to remove the job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrase "check sales" is generic enough to match ordinary user requests that have nothing to do with this skill. In an agent environment, an ambiguous trigger can activate the skill unintentionally, giving it access to Shopify sales data or starting monitoring actions without the user having explicitly asked for this skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The usage example shows the agent installing a cron job, but the skill description does not warn users that the skill sets up persistent automated behavior. Under-disclosed automation is risky because it creates ongoing data access, recurring notifications, or background actions the user never knowingly authorized, and the user may not know the job exists or how to remove it.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The description "Shopify sales + stock alerts via email/Telegram" is functional but broad enough that an agent may invoke the skill in loosely related ecommerce, messaging, or monitoring contexts with no clear boundary. Overly broad invocation criteria can cause unintended access to commerce data or unintended outbound notifications, especially on platforms that select tools automatically from their description text.
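The checks recommended in the overview (read-only scopes, an exact recipient list, disclosed schedules) and the three findings above can be applied mechanically before installation. The following is an added example, not code from the skill, SkillSpector, or this site: it audits a skill manifest and reports the same classes of problem. The manifest layout (name, description, triggers, shopify_scopes, recipients, examples), the sample manifest, and the approved-recipient list are assumptions constructed for illustration; adapt the field names to whatever format your agent platform uses.

```python
"""Pre-install audit of an agent skill manifest (added example, hypothetical format).

Reports four classes of problem described in the audit above:
  excessive_scope        - a requested Shopify scope that is not read-only
  unapproved_recipient   - an alert recipient not on the operator's exact allow-list
  vague_trigger          - a trigger phrase built only from generic words
  undisclosed_automation - a scheduled job in the examples that the description never mentions
"""
import re

# Shopify Admin API read-only scopes the skill may legitimately need (assumption:
# the manifest lists requested scopes by their read_*/write_* names).
READ_ONLY_SCOPES = {"read_orders", "read_products", "read_inventory", "read_customers"}

# Words so generic that a trigger made only of them will match unrelated requests.
GENERIC_TRIGGER_WORDS = {"check", "sales", "alerts", "stock", "monitor", "status", "orders", "report"}

# Signs of persistence in usage examples, and the disclosure words a description should carry.
CRON_RE = re.compile(r"\bcron(tab)?\b|\bevery \d+ (minute|hour|day)s?\b|\bschedul(e|ed|es)\b", re.I)
DISCLOSURE_RE = re.compile(r"\b(persistent|recurring|background|scheduled|cron|runs every)\b", re.I)


def audit_skill(manifest, approved_recipients):
    """Return a list of (finding_kind, detail) tuples; an empty list means no issues found."""
    findings = []

    # 1. Least privilege: any scope outside the read-only set is excessive for a monitor.
    for scope in manifest.get("shopify_scopes", []):
        if scope not in READ_ONLY_SCOPES:
            findings.append(("excessive_scope", scope))

    # 2. Recipients must match the operator's allow-list exactly (no pattern matching).
    for recipient in manifest.get("recipients", []):
        if recipient not in approved_recipients:
            findings.append(("unapproved_recipient", recipient))

    # 3. A trigger is vague when every word in it is a generic word.
    for trigger in manifest.get("triggers", []):
        words = set(re.findall(r"[a-z]+", trigger.lower()))
        if words and words <= GENERIC_TRIGGER_WORDS:
            findings.append(("vague_trigger", trigger))

    # 4. Scheduled automation shown in examples must be disclosed in the description.
    examples = "\n".join(manifest.get("examples", []))
    if CRON_RE.search(examples) and not DISCLOSURE_RE.search(manifest.get("description", "")):
        findings.append(("undisclosed_automation",
                         "examples set up a scheduled job; description does not disclose it"))
    return findings


# Constructed sample manifest for this example; not the real skill's manifest.
SAMPLE_MANIFEST = {
    "name": "myskill",
    "description": "Shopify sales + stock alerts via email/Telegram",
    "triggers": ["check sales", "myskill stock report"],
    "shopify_scopes": ["read_orders", "read_products", "write_orders"],
    "recipients": ["owner@example.com", "@unknown_telegram_handle"],
    "examples": ["Agent: I'll add a cron job: */15 * * * * myskill --notify"],
}
APPROVED_RECIPIENTS = {"owner@example.com"}  # constructed allow-list


if __name__ == "__main__":
    for kind, detail in audit_skill(SAMPLE_MANIFEST, APPROVED_RECIPIENTS):
        print(f"{kind}: {detail}")
```

Run against the sample manifest the audit returns one finding of each kind; after restricting the scopes to read_orders, removing the unapproved Telegram handle, renaming the trigger to something skill-specific, and stating in the description that a recurring cron job runs, it returns nothing. The disclosure check is deliberately a text heuristic: it tells you the skill says nothing about persistence, not that the schedule it does describe is accurate.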

VirusTotal

0 of 59 vendors flagged this skill; all 59 rated it clean. Note that VirusTotal scans the packaged files for known malware signatures, so a clean result does not address the trigger, disclosure, and permission issues raised above.

View on VirusTotal