Taobao Image Search

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about automating Taobao image search, but its default flow can use a saved login session to add items to a real shopping cart without a separate confirmation step.

Review before installing. Use only on a trusted machine, provide only images you intend to upload to Taobao, and delete the saved storage/profile artifacts when finished. Ask the agent to stop after search/comparison unless you explicitly want a specific item added to your cart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

High
Confidence: 95%
Finding
The file header frames this as a harmless local verification runner, but the script logs into a real Taobao session and attempts to add products to the user's shopping cart. That mismatch is dangerous because it can mislead operators into executing account-affecting behavior they did not expect, especially in an agent-skill context where comments and naming influence trust decisions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script saves Taobao browser storage state to a JSON file on disk after login, which can include session cookies and other authentication artifacts. Anyone with filesystem access to that file may be able to reuse the session and impersonate the user, and the script does not clearly warn the user before persisting those credentials locally.

Missing User Warnings

Medium
Confidence: 90%
Finding
The code creates and reuses a persistent Playwright user-data directory, which retains cookies, local storage, and other browser profile artifacts across runs. This silently leaves authentication material on disk and increases the risk of session theft or unintended reuse by other local users or processes.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script performs authenticated shopping-cart modification and writes persistent artifacts such as logs, screenshots, results, and storage-state-derived outputs without an explicit warning or consent gate at execution time. In a skill setting, this increases the risk of silent account changes, privacy leakage in screenshots/logs, and accidental use against a real user account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script uploads a local image file to taobao.com automatically via a file input, but there is no user-facing disclosure, consent prompt, or restriction on what file may be sent. In an agent skill context, silent exfiltration of local content to a third-party website is a real privacy and data-handling risk, especially if the file could contain sensitive information or if the website is outside the user's expected trust boundary.

Missing User Warnings

Low
Confidence: 84%
Finding
The script captures full-page screenshots and writes them to a local artifacts directory without any disclosure or retention controls. Screenshots of a live commerce site can contain account state, recommendations, search history, or other session-specific content, making this a local privacy exposure if artifacts are later shared, synced, or inspected by other processes.

VirusTotal

64/64 vendors flagged this skill as clean.
