Temu Compliance Global

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Temu compliance integration, but it bundles broad proxy and plaintext credential utilities that need review before use.

Install only if you trust LinkFox and intentionally need Temu Global compliance automation. Treat LinkFox keys and Temu access tokens as production secrets, avoid the generic proxy scripts unless broad Temu API access is intended, do not print or paste tokens into logs or chats, and prefer a secure secret manager over the plaintext local token store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises executable scripts that use environment variables, local file writes, and outbound network access, but the manifest does not declare any permissions or capability boundaries. In an agent setting, this weakens review and sandboxing because operators and automated policy systems cannot accurately assess or constrain what the skill is allowed to do.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The manifest frames the skill as a narrowly scoped Temu Global compliance integration, but the described behavior includes a generic proxy, signed file download, token storage/listing, token validation, and multi-scenario authorization tooling. This scope gap is dangerous because users, reviewers, and calling agents may trust the skill with sensitive credentials and broader API reach than expected, enabling misuse, data exfiltration, or unauthorized actions outside compliance workflows.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
This script retrieves a locally stored Temu access token and prints it in cleartext, directly exposing a reusable secret to any caller with script access. That behavior exceeds the stated skill purpose of forwarding Global compliance APIs and creates a credential-exfiltration primitive that could enable unauthorized API calls across the associated Temu account.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The script accepts arbitrary site and tokenPurpose values, allowing retrieval of tokens outside the declared Temu Global compliance context. This broadens the accessible credential surface and undermines the skill's claimed scope, making abuse easier if an attacker can invoke the script with alternate parameters.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
This script enumerates locally stored Temu access tokens, which is a credential-discovery capability unrelated to the declared compliance API purpose of the skill. Even though masking is enabled by default, the CLI explicitly allows disabling masking, and token inventory alone can reveal sensitive account presence and facilitate follow-on credential theft or misuse.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The script accepts user-controlled JSON and can print unmasked locally saved access tokens by setting mask=false, directly exposing secrets to anyone able to invoke it. In the context of a Temu Global compliance skill, this is especially dangerous because credential disclosure is outside the business purpose and could enable unauthorized API access, account takeover of integrations, or lateral movement into related systems.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The script explicitly accepts an arbitrary Temu access token and persists it locally for later reuse, which extends beyond the declared compliance-focused scope of the skill. In a skill advertised for compliance APIs, adding credential storage for broader proxy/fileDownload reuse increases the chance of unauthorized token retention and misuse, especially if users do not expect the skill to act as a token vault.

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding:
The module documentation states that saved tokens are intended for reuse in proxy/fileDownload calls, which is inconsistent with the skill’s stated Temu Global compliance-only purpose. This mismatch is dangerous because it signals hidden or broader operational capability than users and reviewers would reasonably expect, enabling credential reuse outside the advertised trust boundary.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding:
The script is a generic proxy that accepts an arbitrary API type from user input and forwards it through the global gateway, while the skill metadata claims a compliance-only scope. This creates a capability-expansion issue: a caller can invoke non-compliance Global product APIs through the skill, bypassing the intended manifest restrictions and potentially accessing broader Temu Global operations than users or reviewers expect.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The script advertises and exemplifies a generic Temu API proxy, while the skill metadata says it is only for Temu Global compliance APIs. This mismatch can mislead downstream users or agents into invoking broader platform operations than intended, weakening scope boundaries and enabling unauthorized use through a compliance-branded skill.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The code forwards an arbitrary user-supplied API type directly into the proxy request without restricting it to the documented compliance-related namespaces. In a skill whose stated purpose is limited to Global compliance, this creates a confused-deputy style abuse path where the skill can be used as a general API relay for unintended Temu operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script accepts any validated site value, but the skill description says it is for Global-station compliance and references site=global usage. Allowing non-global sites expands the operational scope beyond the manifest and may permit use against unintended regional environments, increasing the chance of policy bypass or misuse.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The manifest uses broad natural-language triggers such as any mention of Temu Global compliance, certificates, GPSR, images, uploads, and related terms without defining exclusions or tighter activation criteria. Over-broad triggering can cause the wrong skill to activate in unrelated contexts, increasing the chance of unnecessary credential use, unintended network calls, or accidental handling of sensitive files.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document instructs users to store a Temu access token locally in a predictable file path but does not explicitly state that the token is a sensitive secret or that the file must be protected with restrictive permissions. If users follow this guidance on shared systems, in synced home directories, or on compromised hosts, the token could be exposed and abused to access Temu business APIs under the merchant account.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation explicitly supports uploading product certification documents, qualification files, and images to an external API, but it does not warn users that these materials may contain sensitive business, regulatory, or personal data. In a compliance workflow, users may reasonably submit certificates, inspection reports, and real product pictures without understanding data handling, third-party transmission, or privacy implications, increasing the risk of unintended disclosure.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The document instructs users to upload compliance-related files as base64 to an external API but provides no warning about the sensitivity of the data, data handling expectations, or restrictions on what should be sent. In a compliance workflow, uploaded documents may contain product certifications, identity details, or other regulated business information, so omission of privacy/security guidance materially increases the risk of inadvertent data exposure or improper transmission.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The document describes a write-capable API that edits live product compliance data but does not clearly warn users that invoking it will modify remote state. In an agent skill context, this increases the risk of accidental destructive or unauthorized changes to compliance attributes, certificates, or GPSR-related data when a user may believe they are only querying information.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The usage example includes an access token and a full write payload without warning that it transmits sensitive credentials and triggers a remote modification. In an agent-integrated environment, such examples can normalize unsafe handling of secrets and increase the chance of users pasting production tokens or running mutating commands unintentionally.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation instructs users to upload base64-encoded 'real product images' to an external API but does not warn that images may contain sensitive or regulated data, such as embedded metadata, personal information, location data, or proprietary product materials. In a compliance workflow this omission can lead users to transmit sensitive content without minimization, consent checks, or retention awareness, increasing privacy and data-handling risk.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding:
The document explicitly shows use of both an API key environment variable and an access token in example commands, but provides no warning about credential sensitivity, storage, logging, or transmission to an external gateway. In an agent-skill context, users may copy-paste these examples into shells, tickets, or chat logs, increasing the risk of credential leakage and unauthorized API access.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document instructs users to copy a Temu access token from the seller backend and optionally save it to a local store, but it provides no guidance on secure handling, storage protections, redaction, expiration, or least-privilege use. Because this skill is specifically about authorization and API access for Temu Global compliance workflows, the token is a high-value credential that could enable unauthorized API access if exposed through logs, local files, screenshots, shell history, or weak local storage.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The documentation states that the skill forwards requests through a proxy and defaults to a product-inventory token purpose, but it does not warn users that compliance data, product metadata, certificates, or images may be transmitted to external Temu/LinkFox systems. In a compliance-focused skill, this omission is meaningful because users may upload sensitive business records or regulated product documentation without clear notice about external transfer and state-changing effects.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The catalog enumerates certificate, image recognition, real-image upload, and file upload endpoints without any privacy or external-side-effect warning. Because these APIs can upload compliance evidence and product assets to third-party systems, lack of disclosure increases the risk of accidental transmission of sensitive documents, personal data, or irreversible changes in external compliance workflows.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The guide instructs users to copy and save an access token, but it does not clearly label the token as a sensitive secret or warn against insecure handling such as logging, committing, sharing, or storing it in plaintext. In this skill context, the content is specifically operational guidance for obtaining API credentials, so omission of secret-handling warnings materially increases the chance of credential leakage and subsequent unauthorized API access.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The code persists Temu access tokens in plaintext JSON on the local filesystem without setting restrictive file permissions, encryption, or any safety checks. If the host is multi-user, backed up, synced, or otherwise accessible to other processes, these tokens can be read and used to access compliance APIs as the seller account.

VirusTotal

VirusTotal findings are pending for this skill version.