Temu Fulfillment EU

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Temu fulfillment integration, but it can change live shipping operations and stores sensitive tokens locally with weak safeguards.

Install only if you trust LinkFox and need live Temu EU fulfillment automation. Use least-privilege Temu tokens, avoid pasting secrets into chat or shell history, protect or replace the plaintext token store with a secure secret manager, and require human confirmation before any shipment creation, shipment confirmation, pickup cancellation, or warehouse fulfillment cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions, but its documented behavior clearly involves environment access for API keys, network calls to external gateways, and likely file output/download handling. This mismatch weakens review and consent controls because the agent may exercise sensitive capabilities that are not transparently declared, which is especially relevant for an order-shipping skill that handles tokens, shipment data, and signed file downloads.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger terms include broad English phrases such as "tracking" and "order-shipping" that can match ordinary user conversations unrelated to this specific Temu EU fulfillment workflow. Over-broad activation can cause the wrong skill to run, increasing the chance of unintended external API calls, token use, or exposure of shipping/order context to an unnecessary integration.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document explicitly recommends storing Temu access tokens locally in a predictable file path and shows commands that paste raw tokens into shell history and JSON arguments, but it does not warn about file permissions, encryption, shell history exposure, workstation compromise, or secret rotation. Because these tokens authorize Temu business APIs, theft of the token store could enable unauthorized order, shipping, tracking, or fulfillment actions across seller accounts.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README explicitly instructs that each fulfillment operation is invoked through a shared proxy endpoint, but it provides no warning that these APIs can create shipments, confirm shipment, reserve pickup, cancel fulfillment, or otherwise mutate live commerce and logistics state. In an agent skill context, that omission increases the chance that an agent or operator treats these as informational calls and triggers real-world shipping or order actions without adequate confirmation or safeguards.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation references token authorization for cooperative warehouse providers but gives no handling guidance for credentials, authorization tokens, or other sensitive integration secrets. In an agent-driven integration, lack of token-safety guidance can lead to secrets being requested in chat, logged, echoed back to users, or stored insecurely, enabling unauthorized fulfillment actions or account misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This documentation exposes a destructive cancellation capability for cooperative warehouse fulfillment orders but does not prominently warn users that invoking it can cancel an already-submitted fulfillment request and may disrupt shipping operations. In an agent skill context, unclear safety guidance increases the chance of accidental or unauthorized cancellation, especially when the operation is easy to trigger by order identifiers alone.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The examples include both an API key and an access token in runnable command lines without any accompanying warning that these values are sensitive secrets. In operational use, users commonly paste such commands into shells, tickets, chat, logs, or source repositories, which can lead to inadvertent credential exposure and unauthorized API access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This documentation exposes a destructive cancellation action for shipment pickup reservations but does not prominently warn users that invoking it can disrupt fulfillment operations, require rebooking, or affect seller logistics workflows. In an agent-driven context, the absence of cautionary language or confirmation guidance increases the chance of accidental execution by users or automated assistants, making this an operationally risky capability.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to copy a Temu access token from the seller backend and optionally save it locally, but provides no security guidance on secret handling, storage protection, masking, rotation, or scope limitation. Because this skill is specifically about fulfillment and shipping operations, compromise of the token could enable unauthorized access to order, shipping, tracking, or related seller account actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide explicitly instructs users to copy an access token and save it, but it does not clearly label the token as a secret or provide any secure-handling guidance. In an auth-related skill, this omission can lead to tokens being stored in plaintext, pasted into logs or chats, or otherwise mishandled, increasing the chance of credential compromise and unauthorized API access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code persists Temu access tokens to a local JSON file in plaintext and does not set restrictive file permissions or provide any explicit warning that long-lived credentials are being stored on disk. If the host is multi-user, backed up, synced, or otherwise compromised, these tokens can be recovered and used to access seller shipping/fulfillment APIs.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script validates a LinkFox token by sending a probe request to a remote gateway, which necessarily transmits the user's credential off-host. Even though this appears functionally intended and the script masks the token in output, there is no explicit user-facing warning or consent step in this file before the token is sent to an external service, creating credential exposure risk if users do not realize validation requires transmission.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script prints the raw access token to stdout in JSON, which can expose credentials to logs, calling processes, shell history, agent transcripts, or downstream tools. In an agent skill context this is more dangerous because tools often capture and surface stdout automatically, making inadvertent secret disclosure likely and enabling reuse of the token against Temu APIs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This script explicitly accepts a Temu access token from the command line and stores it locally for later reuse, but provides no warning about secure handling, retention, or storage protections. Supplying secrets via CLI arguments can also expose them through shell history, process listings, logs, or developer tooling, which makes credential leakage more likely in real deployments.

VirusTotal

65/65 vendors flagged this skill as clean.
