Amazon Listing Judge

Security checks across malware telemetry and agentic risk

Overview

This skill is a small Amazon listing grader that uses a disclosed external scraping API, but users should verify the API endpoint before entering a key.

Install only if you trust claw-school.com and the CLAW_API_BASE value provided with the key. Use an HTTPS API base, avoid sharing the .env file, and understand that each run sends your CLAW_KEY and the Amazon product URL to that configured service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'CLAW_API_BASE' from os.environ.get (line 32, credential/environment) → httpx.post (network output)

Critical
Category
Data Flow
Content
def fetch_pdp(asin: str) -> dict:
    url = f"https://www.amazon.com/dp/{asin}"
    print(f"Fetching {url} ...", file=sys.stderr)
    resp = httpx.post(
        f"{CLAW_API_BASE}/api/scrape",
        json={"claw_key": CLAW_KEY, "url": url, "mode": "scraper"},
        timeout=90,
    )
Confidence
96% confidence
Finding
resp = httpx.post( f"{CLAW_API_BASE}/api/scrape", json={"claw_key": CLAW_KEY, "url": url, "mode": "scraper"}, timeout=90, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires a secret API key in a local .env file and references a remote API base, which indicates environment-variable and network access without any declared permissions or trust boundaries. That mismatch can hide data exfiltration or unexpected outbound requests from users and the agent platform, especially because the skill routes scoring through a third-party service rather than clearly local logic.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill silently sends the user-supplied ASIN-derived Amazon URL plus the CLAW_KEY to an external scraping service, but the user-facing behavior and CLI output only say it is fetching Amazon. This is a genuine transparency and data-transfer issue because operators may believe the script contacts Amazon directly when it actually transmits data and credentials to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.
