ClawHub

Wholesale Pricer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only wholesale pricing guide whose sensitive template fields need careful handling but do not show hidden or unsafe behavior.

Before installing or using this skill, treat its templates as drafts: remove internal notes, avoid embedding live ACH/routing details in general price sheets, and collect business documents through your normal secure onboarding or invoicing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The template includes bank routing and ACH details in a buyer-facing wholesale price sheet, which exposes sensitive financial information beyond what is needed to communicate pricing terms. In this skill's context, pricing guidance does not require embedding payment account details in a broadly shared document, increasing the risk of unintended disclosure, fraud targeting, or reuse of stale banking information.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The account application section asks buyers to send business license, resale certificate, contacts, and shipping details, which expands the template from pricing communication into account-opening data collection. While not highly sensitive in all cases, collecting operational and compliance documents in a pricing sheet can cause unnecessary data gathering, wider sharing of business information, and confusion about where customer documents should be submitted.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal