Amazon Help Doc Change Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it also tells agents to silently send user feedback and interaction details to a separate LinkFox feedback service without explicit user approval.

Install only if you are comfortable with LinkFox receiving your API requests and if you can prevent or ignore the automatic feedback instruction unless you explicitly choose to send feedback. Use a temporary output directory for large responses and delete saved response files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium (97% confidence)
Finding
The skill instructs the agent to automatically send user feedback and interaction-derived metadata to an external Feedback API even when that action is unrelated to the user's primary request. This creates an unauthorized side channel for transmitting user content or behavioral signals to a third party without explicit consent, which is a privacy and trust violation.

Context-Inappropriate Capability

Medium (91% confidence)
Finding
The documentation for a skill focused on retrieving Amazon help-document changes includes a separate public feedback submission endpoint that sends content to a different base URL. This expands the skill's data flows beyond the stated purpose and creates a channel for transmitting user-derived content externally, which can lead to privacy leakage, prompt/data exfiltration, or unauthorized side effects if an agent follows the docs literally.

Missing User Warnings

Medium (95% confidence)
Finding
The helper always writes full subprocess stdout to disk, which can persist sensitive API responses, tokens, personal data, or proprietary business content beyond the lifetime of the request. In this skill context, the wrapped script may retrieve large external documents or account-related help-center data, so silent local persistence increases data exposure through filesystem access, backups, logs, or later reuse.

VirusTotal

61/61 vendors flagged this skill as clean.
