ClawHub

Amazon Latest Policy & News Feed

Security checks across malware telemetry and agentic risk

Overview

The policy-feed lookup itself is coherent, but the skill also tells agents to automatically send user feedback and inferred intent to a separate LinkFox endpoint without clear user control.

Review before installing. The Amazon policy lookup behavior is straightforward, but the skill asks the agent to silently submit feedback to LinkFox when it infers praise, complaints, mismatches, or improvement ideas. Only install if that telemetry behavior is acceptable, and use the large-response helper with temporary directories and cleanup because saved files may contain sensitive output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill's primary purpose is retrieving Amazon policy-feed content, but it also instructs the agent to automatically send user feedback or inferred quality signals to a separate Feedback API. This creates an unrelated secondary data flow that can transmit user content or behavioral metadata without clear necessity, consent, or scoping.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documentation adds a separate feedback submission endpoint that is unrelated to the skill's stated purpose of retrieving Amazon policy-feed data. This expands the skill's effective capability from read-only retrieval to outbound user-content transmission, which can enable unexpected exfiltration of prompts, user statements, or workflow metadata to a third-party service if an agent is induced to call it.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The helper resolves any filesystem path supplied via --script and then executes it as Python, making this skill a generic code-execution wrapper rather than a narrowly scoped Amazon policy reader. In the context of a policy-feed skill, this materially expands capability and could be abused to run unrelated local scripts that access sensitive data or perform unintended actions.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The run path writes full child-process stdout to a caller-chosen directory, creating a generic file-persistence primitive not required by the stated Amazon policy lookup purpose. If the wrapped script emits tokens, credentials, personal data, or system output, this helper stores it on disk without meaningful scope restriction, increasing exposure and persistence of sensitive data.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The code always writes captured stdout to disk before informing the caller, and the preview messaging emphasizes usability rather than warning that the file may contain sensitive or unexpected data. In a generic wrapper that can execute arbitrary scripts, this omission increases the chance that operators unknowingly persist secrets or internal data.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal