ClawHub

Shopify Checkout API

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for checkout, but it can collect personal shipping/contact data and trigger payment-linked checkout through a third-party API without clearly scoped user consent.

Install only if you are comfortable with an agent-assisted checkout flow that sends shipping/contact details and payment-related checkout data to a third-party Credpay endpoint. Before using it, confirm the merchant, items, total price, destination address, and payment authorization, and do not proceed unless the skill or agent gives you a clear final confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger language is extremely broad (e.g., any user wanting to buy, order, or checkout), which can cause the skill to activate during ordinary shopping discussions rather than clear transactional consent. In this skill, unintended invocation is especially dangerous because the workflow collects sensitive personal data and can initiate payment-bearing checkout actions against third-party stores.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to collect and transmit highly sensitive personal and transactional data, including full shipping address, phone number, email, and payment-related checkout details, but provides no explicit warning or consent language to the user. Because the skill also performs payment-linked actions via x402, users may not realize that invoking it can send their data to an external service and potentially complete a purchase.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal