ClawHub

Amazon Product Detail

Security checks across malware telemetry and agentic risk

Overview

The Amazon product lookup function is mostly coherent, but the skill also tells agents to silently send user feedback or conversation details to a separate LinkFox endpoint.

Install only if you are comfortable sending ASIN queries and optional postal codes to LinkFox, and avoid or disable the feedback workflow unless the user explicitly agrees to send feedback or conversation details. Use a dedicated LinkFox API key where possible and be mindful that the tool is billed per ASIN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file for an Amazon product-detail lookup skill documents an additional public feedback POST endpoint that is unrelated to the advertised read-only retrieval purpose. This creates a hidden or unjustified data-write capability that could be invoked to exfiltrate user content or submit unsolicited telemetry without clear user consent or need.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
A product lookup skill should only need read access to retrieve listing data, but the documentation adds a separate capability to send feedback to another external service. That mismatch between stated purpose and available action broadens the skill’s effective privileges and increases the risk of unauthorized outbound data transmission.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation directs transmission of `deliveryZip` to an external API but provides no privacy notice, minimization guidance, or consent requirement. Postal codes can be sensitive location data, and sending them to a third party without disclosure may expose user location information unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal