Selva

Security checks across malware telemetry and agentic risk

Overview

Selva is a disclosed shopping skill, but it can place real orders while handling addresses, API keys, and payment-card data in ways users should review carefully.

Install only if you are comfortable with an agent-assisted tool that can submit real shopping orders and send your shipping/contact details to Selva. Prefer the web settings page for payment setup, avoid entering card numbers or CVV in chat or command-line flags, set an approval threshold, and require explicit confirmation of item, price, shipping address, and payment method before every purchase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly documents purchase functionality and collection/storage of highly sensitive personal and payment data, but it does not provide clear warnings about real-world financial transactions, approval requirements, data retention, or safe handling expectations. In an agent-facing shopping skill, this omission is dangerous because an autonomous or semi-autonomous agent may trigger real purchases or expose PII/payment data without the user fully understanding the consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instruction to 'register quietly' minimizes visibility around a step that generates and stores an API key locally. Suppressing disclosure of credential creation and storage weakens informed consent and can cause users to miss that persistent authentication material has been created on their machine.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup and purchase flow collects and transmits sensitive personal data including name, address, phone, email, and potentially payment card details, but the documentation does not provide a clear privacy or data-handling warning. In a shopping skill, this context makes the omission more dangerous because users are being guided to provide exactly the kinds of data that can enable identity, financial, or purchasing abuse if mishandled.

Missing User Warnings

High
Confidence
97% confidence
Finding
The CLI accepts raw card number, expiry, and CVV via command-line flags, which are commonly exposed through shell history, process listings, audit logs, and CI/job telemetry. Even though the data is tokenized before purchase, the sensitive values have already been handled insecurely on the local system, creating a real risk of payment-card disclosure.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code writes configuration data, including a possible API key, to a predictable file under the user's home directory without setting restrictive file permissions. On multi-user systems or misconfigured environments, this can leave sensitive credentials readable by other local users or backup/sync tooling, leading to account compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
