ClawHub

Kroger Api.Skill

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can create real Kroger/QFC pickup orders and stores reusable account tokens in a local plaintext file without enough safeguards.

Review this skill before installing. Use it only if you are comfortable granting Kroger OAuth access that can create pickup orders, keep state.json private and out of version control, and require the agent to show the exact items, quantities, store, pickup time, and any order impact before any order-create command is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly tells users to place OAuth client credentials and later tokens in `state.json` but provides no guidance to protect that file, avoid committing it, or use a secure secret store. In the context of a skill that accesses a real grocery account and can create orders, exposed credentials or tokens could enable unauthorized API access, account misuse, or order manipulation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents `order-create` as a normal workflow step without a clear warning that it can submit a real pickup order against the user's Kroger/QFC account. Because this is an account-affecting action with potential financial and logistical consequences, presenting it without an explicit confirmation requirement increases the risk of accidental or unauthorized purchases.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
OAuth access tokens, refresh tokens, and client credentials are persisted in a local JSON state file without any protection, permission hardening, or user warning. If the file is readable by other local users, accidentally committed, or harvested by malware, an attacker could reuse tokens or client secrets to access the user's Kroger account or continue refreshing access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal