Ehunt Temu Product Query

Security checks across malware telemetry and agentic risk

Overview

The skill’s Temu product-query purpose is mostly coherent, but it includes an under-scoped helper that can execute any local Python script path, which deserves manual review before installation.

Review this before installing if your agent has broad shell access. Use only the intended ehunt_temu_product_query.py script with response_io, keep LINKFOXAGENT_API_KEY in an environment variable or secret storage, avoid sending confidential user text as feedback, and delete persisted response files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High (98% confidence)
Finding
The wrapper accepts a user-supplied `--script` path and executes that local Python file, making it a generic code-execution launcher rather than a Temu product-query helper. In the context of this skill, that is especially dangerous because it expands the capability from querying product data to running arbitrary local code available in the agent environment, enabling abuse of local files, credentials, network access, or other installed tooling.

Vague Triggers

Medium (84% confidence)
Finding
The trigger text is intentionally broad enough to activate on generic Temu-related shopping or product-search queries, even when the user did not ask for EHunt or a third-party data service. Overbroad activation can cause unnecessary invocation of external tools, surprise data access, and unintended network/file operations in response to benign conversational requests.

Missing User Warnings

Low (89% confidence)
Finding
The documentation instructs use of an API key in the Authorization header and environment variables but does not warn that this credential is sensitive or should never be logged, embedded in prompts, or exposed to end users. In an agent/tooling context, that omission increases the chance of accidental secret disclosure through debug output, transcripts, screenshots, or misconfigured integrations.

Missing User Warnings

Low (86% confidence)
Finding
The Feedback API sends free-form content to an external service, but the documentation does not warn that user-entered text may contain personal, confidential, or regulated information. In a skill that may summarize user intent and results, this omission can lead to unnecessary transmission of user data to a third-party endpoint without minimization or consent controls.

Missing User Warnings

Medium (84% confidence)
Finding
The tool is explicitly designed to persist full API responses to disk, but there is no explicit user-facing consent or warning at execution time that potentially sensitive business data will be stored locally. For an e-commerce intelligence skill, responses may include proprietary query results, identifiers, pricing, or operational metadata, so silent persistence increases confidentiality and retention risk.

VirusTotal

66/66 vendors flagged this skill as clean.
