LinkFox Market Research

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate the promised Amazon market research report, but it sends task content to a third-party agent service, runs broad shell workflows, and opens merged HTML without enough scoping or safety controls.

Review this before installing. Use it only if you trust LinkFox with the category, node ID, and any business context in the prompt. Prefer strictly numeric node IDs, avoid secrets or proprietary strategy in inputs, and treat the generated HTML as active third-party content rather than a sanitized local report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill invokes a shell script, relies on an API key from the environment, performs network access, writes an HTML file, and then opens that file, yet no permissions are declared. This hides powerful capabilities from users and policy enforcement, making it easier for the skill to exfiltrate data, run unintended commands, or generate and launch unsafe local content without informed consent.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file does not implement a narrowly scoped market-research skill; it is a generic remote task-submission client for a much broader agent platform. That scope mismatch is dangerous because it lets callers send arbitrary prompts to a powerful external service, bypassing the declared skill boundaries and enabling unintended data handling or tool use.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The docstring advertises broad capabilities such as patent detection and competitor analysis unrelated to the declared market-research-report purpose. Exposing unrelated agent capabilities increases the attack surface and creates a confused-deputy risk where the skill can be used for actions users and reviewers would not expect from its metadata.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad enough that ordinary conversation containing a category name and node ID could activate the skill unintentionally. Because activation leads to shell execution, network calls, file generation, and automatic opening of output, ambiguous triggering increases the chance of unexpected side effects and reduces meaningful user intent verification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description does not warn users that their input will be sent over the network to an external API, that an HTML file will be written locally, or that the file will be opened automatically. Lack of disclosure is dangerous because generated HTML can contain active content or deceptive links, and users are not given a chance to assess privacy, trust, or file-safety implications before execution.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
User-supplied task text is sent directly to a remote API, but the tool provides no explicit disclosure or consent step warning that prompts and possibly sensitive business data will leave the local environment. This can lead to inadvertent exfiltration of confidential data entered by users who believe they are using a local skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script forwards the raw user-supplied task string directly to `linkfox.py`, which likely sends it to an external agent/service, but this file provides no explicit user-facing notice, consent step, or data-handling warning. In a market-research skill, users may include sensitive business plans, ASINs, pricing strategy, or other proprietary inputs, so silent transmission creates a real privacy and data-governance risk even if there is no obvious code-injection flaw in this wrapper.

VirusTotal

66/66 vendors flagged this skill as clean.
