Amazon Research

Security checks across malware telemetry and agentic risk

Overview

This looks like a local Amazon price-tracking helper, but it needs review because it can add an ongoing scheduled task and its documentation overstates live Amazon tracking that the code does not actually perform.

Install only if you are comfortable with a local, manual/simulated price tracker rather than real Amazon price monitoring. Do not run the cron setup unless you intentionally want a daily background task, and inspect the crontab line first. Treat stored product and price history as local retained data, and verify prices on Amazon before making purchase decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The reference file presents static content as if live tracking, alerts, and a scheduled cron-based check are currently active, including specific counts, thresholds, and a next run time. In an agent skill, this can mislead users and downstream components into believing monitoring and alerting are operational when they may not be, causing false reliance, confusion about system capabilities, and potentially unsafe decisions based on stale or fabricated status.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The skill metadata promises Amazon product research, price tracking, and deal comparison, but the implementation only stores and displays manually entered local data in SQLite. This can mislead users or downstream agents into believing prices are live or sourced from Amazon, causing incorrect purchasing decisions, failed monitoring expectations, and unsafe automation based on stale or fabricated records.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The script installs a persistent cron job that will continue executing beyond a one-time research session, which expands the skill's behavior from ad hoc use into ongoing autonomous execution. While the apparent purpose is price monitoring, persistence on the host is security-relevant because it changes system state and can repeatedly run code without further user involvement.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Modifying the host crontab changes scheduler configuration and grants the skill a recurring execution mechanism that is not strictly necessary for basic product research. In the context of a research skill, this is more dangerous because it introduces host persistence and unattended code execution, which could later be abused if the script or its dependencies are modified.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding
The manual-entry instructions tell users to add product data but omit that the information will be stored in a local SQLite database and retained over time. While not directly exploitative, this weakens informed consent and may expose sensitive shopping interests or pricing history on shared systems.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The cron setup documents a daily scheduled task without warning that it will continue running automatically and may generate repeated notifications or system activity. Even if intended for convenience, unattended recurring execution changes the host state and can surprise users or create unwanted background behavior.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The markdown describes active price tracking, alerts, and scheduled checks while also referencing a local database path, but provides no notice about what data is stored, whether monitoring is real, or how user/product tracking state is handled. This creates a transparency and privacy-risk issue because users may be unaware of persistence or monitoring behavior, and the combination of implied automation plus storage can misrepresent data practices.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script writes directly to the user's crontab without any confirmation, dry run, or visibility into whether an entry already exists. This is dangerous because it silently establishes persistence and can surprise users with recurring execution, log growth, and repeated network activity on the host.

VirusTotal

65/65 vendors flagged this skill as clean.
