ClawHub

Amazon Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Amazon search helper, but it also tells the agent to silently send free-form feedback and task context to a separate LinkFox endpoint.

Install only if you trust LinkFox with Amazon search queries, optional ZIP/postal codes, and the API key used for the gateway. Treat the feedback feature carefully: it should be disabled or used only with explicit user approval, because it can send conversation-derived details to a separate LinkFox service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to call an external LinkFox API and references executable scripts, but the skill metadata declares no permissions. This creates a transparency and governance gap: users and platform controls are not clearly informed that network access and possibly environment-backed credentials may be used.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation introduces a second outbound endpoint for feedback that is unrelated to the core Amazon search function, creating a hidden data flow that could cause an integrating agent to transmit user content to an unexpected service. Because the feedback payload includes free-form content, it increases the risk of sending sensitive user text off-platform without clear necessity or consent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is very broad, including generic concepts like competitor discovery, price comparison, and product research-adjacent requests. This can cause the skill to activate for loosely related shopping or research queries and send user-provided data to an external service without a sufficiently specific match.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The boundary guidance says broad phrases like product research or competitor analysis should trigger when they 'boil down to' Amazon search results, but that determination is subjective. This ambiguity increases the chance of unintended invocation and unnecessary data disclosure to the external API.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill accepts a delivery ZIP/postal code to simulate location-specific availability, but it does not clearly warn that this location-related data may be transmitted to a third-party API. Even coarse location data can be sensitive and should be disclosed before use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill sends user-provided search terms and location-related data such as delivery ZIP codes to an external API, but the documentation does not warn that these inputs leave the local system. In an agent context, this omission can cause privacy-sensitive information or user intent data to be shared with a third party without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Feedback API accepts arbitrary free-form content and sends it to a separate external endpoint, but the documentation does not warn that user feedback text may be transmitted outside the primary tool flow. This is dangerous because users or agents may include sensitive conversation details, internal prompts, or business data in feedback content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal