ClawHub
Back to skill

Security audit

Hijack Defender

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, non-executable guidance skill for Amazon listing enforcement, but users should verify marketplace rules and legal claims before acting on it.

Install only if you need marketplace listing-enforcement guidance. Before following the test-buy or legal-letter sections, verify Amazon’s rules, confirm the seller is actually unauthorized or counterfeit, preserve accurate evidence, and consult qualified counsel for infringement accusations or damages threats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly advises users to conduct test buys using a separate Amazon account and a neutral shipping address without any warning that this may violate marketplace policies, create deception/fraud concerns, or expose the user to account and legal risk. In this context, the omission is more dangerous because the skill is operational, step-by-step enforcement guidance that users are likely to follow literally during disputes with third-party sellers.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file provides non-attorney cease-and-desist templates containing specific legal accusations, infringement assertions, and damages threats, but does not clearly instruct users to verify the facts, jurisdiction, and legal basis before sending them. In a seller-enforcement skill, users may treat the templates as ready-to-send legal notices, creating risk of false accusations, improper threats, or defamation exposure if the seller is legitimate or the evidence is incomplete.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal