Knuspr

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a Knuspr grocery-shopping helper, but it uses your account login to change carts, lists, favorites, and delivery reservations.

Install only if you are comfortable letting an agent access your Knuspr account and modify carts, lists, favorites, and delivery reservations. Prefer interactive login, avoid passing passwords on the command line, avoid or tightly protect ~/.knuspr_credentials.json, use logout when finished, and personally review the cart and checkout in Knuspr before buying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The command reference explicitly supports `auth login [-e email -p pass]`, which encourages passing a password directly on the command line. Command-line passwords are commonly exposed via shell history, process listings, logs, and telemetry, making this an unnecessary credential-handling risk for a grocery-shopping skill. In this skill context, authentication is expected, but direct password flags are more dangerous because the agent may be induced to handle secrets insecurely during routine shopping tasks.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README documents state-changing operations such as clearing the cart, reserving/releasing delivery slots, and repeating prior orders, but does not clearly warn that these commands modify a real Knuspr account and may trigger unintended purchases or reservation changes. In an AI-agent context, these examples normalize high-impact account actions and increase the chance that an agent executes them without explicit user confirmation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README recommends storing credentials in environment variables and especially in a local JSON file containing plaintext email/password, but provides no meaningful warning about shell history exposure, process/environment leakage, local compromise risk, or safer alternatives. For an agent-oriented CLI, this is dangerous because users and automation systems may persist reusable credentials insecurely, increasing the risk of account takeover.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger language is broad enough to match generic grocery or shopping-list discussions, increasing the chance the skill runs when the user did not intend to interact with Knuspr.de. Because the skill can access accounts, alter carts, reserve delivery slots, and potentially use stored credentials, unintended invocation can lead to privacy exposure or unwanted state changes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The setup instructions encourage placing login credentials in environment variables without warning about exposure risks such as shell history leakage, process inspection, inherited environment propagation, logs, or accidental reuse in other contexts. In a skill environment, this is especially risky because credentials may persist beyond the session or be accessible to other tooling and subprocesses.

Missing User Warnings

Medium
Confidence: 97%
Finding
The code loads email and password from a plaintext file in the user's home directory without any warning, encryption, or permission hardening. If the host is shared, backed up insecurely, or otherwise compromised, the account credentials can be trivially recovered and reused to access account data and place or modify orders.

Missing User Warnings

Medium
Confidence: 95%
Finding
The authentication documentation lists insecure password-passing methods but provides no warning about the risk of credential leakage. Without explicit guidance, users or agents may supply secrets through CLI flags or automation in ways that expose them in shell history, process tables, CI logs, or agent traces. Because this is an agent skill intended for automation, the absence of warnings materially increases the likelihood of unsafe secret handling.

VirusTotal

64/64 vendors flagged this skill as clean.