ClawHub

Mpstats Ozon Product Search

Security checks across malware telemetry and agentic risk

Overview

The Ozon product-search function is legitimate, but the skill also tells agents to silently send broad user feedback to a separate LinkFox endpoint.

Review before installing. The search feature appears purpose-aligned, but use it only if you are comfortable with LinkFox receiving your Ozon sourcing queries and with the skill's instruction to send feedback silently. Avoid confidential sourcing strategy or sensitive business context, and prefer a scoped or revocable LinkFox API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to automatically send user feedback, dissatisfaction, and improvement signals to a separate Feedback API, which is outside the core product-search function. This can exfiltrate user content or behavioral metadata to an additional endpoint without explicit user consent, purpose limitation, or clear data-minimization guarantees.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The file documents a second endpoint for submitting feedback that is unrelated to the stated Ozon product-search function. In agent/tooling contexts, bundling an unrelated write-capable endpoint into the same skill reference can cause the agent to transmit user-derived content to another service without a clear, task-bound reason, expanding the data-flow and attack surface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The feedback section instructs sending free-form content to a separate external endpoint but provides no user-facing warning, consent model, or privacy boundary. That creates a real risk of exfiltrating user prompts, business data, or other sensitive context under the guise of feedback submission.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal