Temu Fulfillment US

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Temu fulfillment integration, but it handles powerful shipping actions and stores or prints Temu access tokens with weak safeguards.

Install only if you trust LinkFox/Temu for your fulfillment workflow and are comfortable with scripts that can create, update, confirm, or cancel shipments. Treat Temu accessToken and LINKFOXAGENT_API_KEY as production secrets: avoid pasting live tokens into shell history or chats, prefer secure secret storage, lock down ~/.linkfox if using storeKey, and confirm destructive shipping or cancellation calls before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The script is explicitly designed to persist a Temu access token for later reuse in generic proxy/fileDownload calls, which broadens credential use beyond the stated fulfillment/shipping scope. Persisting reusable API tokens locally increases the blast radius if the host, logs, or token store are compromised, and the mismatch between manifest purpose and implementation makes the capability more dangerous in this skill context.

Context-Inappropriate Capability

Medium (89% confidence)
Finding
This file implements persistent credential storage, but the skill description centers on shipping and fulfillment operations rather than token management infrastructure. A local token cache creates a reusable secret repository that could be abused by other code paths or an attacker with local access, especially when not clearly justified by the skill's advertised purpose.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation instructs users to save a Temu access token locally and even shows example commands containing the raw credential, but it does not clearly warn that this token is a sensitive secret or explain the risks of storing it on disk. In a credential-handling skill, that omission increases the chance of insecure storage, accidental disclosure through shell history, backups, logs, or overly permissive file permissions.

Missing User Warnings

Medium (86% confidence)
Finding
The documentation explicitly instructs users to supply LinkFox gateway credentials and Temu access tokens, but it does not warn that these are sensitive secrets or that requests transmit order and shipping data to external services. In an agent skill context, this increases the chance that a user or downstream automation will paste live credentials into prompts, logs, shell history, or misrouted environments, leading to credential exposure and unauthorized API use.

Missing User Warnings

Medium (92% confidence)
Finding
The example command demonstrates exporting a live API key and passing a live access token directly on the command line, which commonly exposes secrets through shell history, process inspection, CI logs, and copied transcripts. Because this skill is specifically for fulfillment and shipping operations, leaked credentials could enable unauthorized shipment creation, label access, fulfillment changes, or retrieval of sensitive operational data.

Missing User Warnings

Medium (91% confidence)
Finding
This documentation describes a fulfillment-cancellation API with examples and workflow guidance but does not prominently warn that the action is destructive, may be irreversible, and can affect downstream warehouse/order state. In an agent skill context, insufficient caution around cancellation operations increases the risk of accidental invocation by users or automation, potentially disrupting shipments and operational workflows.

Missing User Warnings

Low (84% confidence)
Finding
The documentation includes command examples that directly reference an API key and access token placeholders without any accompanying warning about secure handling, redaction, shell history exposure, or avoiding use of real secrets in logs and examples. In an API/fulfillment skill context, users often copy-paste examples verbatim, which increases the chance that real credentials will be exposed in terminals, screenshots, CI logs, or shared support transcripts.

Missing User Warnings

Medium (86% confidence)
Finding
The document instructs users to supply sensitive credentials such as `cwAccessToken`, `cwCustomerCode`, and optionally `cwAppKey` without any warning that these are secrets or guidance on safe handling. In an agent skill context, this increases the chance that operators paste live credentials into logs, chats, examples, or improperly secured tooling, leading to credential exposure and unauthorized warehouse or fulfillment actions.

Missing User Warnings

Medium (90% confidence)
Finding
The document instructs users to manually copy a Temu access token from the seller backend and optionally store it locally, but provides no guidance on secure handling, storage protections, masking, or rotation. Because this skill is for fulfillment and shipping operations, the token likely grants access to sensitive order and logistics actions, so careless handling could enable account takeover of API capabilities, unauthorized shipment actions, or exposure of order data.

Missing User Warnings

Medium (88% confidence)
Finding
The guide explicitly instructs users to copy an access token and save it via a script, but it does not warn that the token is a sensitive credential or describe minimum secure-handling expectations. In an auth-guide context, this omission increases the chance that operators will paste tokens into insecure storage, logs, chats, or source control, which could enable unauthorized API access to order and shipping functions.

Missing User Warnings

Medium (94% confidence)
Finding
The code persists Temu access tokens in plaintext JSON on disk and returns the storage path, but it does not enforce restrictive file permissions, encryption, or provide any warning that sensitive credentials are being stored locally. On multi-user systems, shared environments, backups, or developer machines with weak filesystem hygiene, this can lead to credential disclosure and unauthorized API access.

Missing User Warnings

Medium (95% confidence)
Finding
The script retrieves a stored Temu access token and emits it directly to stdout in JSON. In agent, automation, or shell environments, stdout is commonly captured by logs, parent processes, transcripts, CI systems, or other tools, which can unintentionally disclose the credential and enable unauthorized API access.

Missing User Warnings

Medium (86% confidence)
Finding
The usage example encourages operators to pass a live access token directly on the command line and the script stores it locally without any explicit warning about persistence or sensitivity. Command-line secrets may be exposed via shell history, process listings, or audit logs, and silent local storage further increases the likelihood of accidental credential leakage.

Missing User Warnings

Medium (91% confidence)
Finding
The script’s documented usage accepts an access token directly on the command line, which can expose the credential through shell history, process listings, job control tools, audit logs, and orchestration metadata. In this skill context, the token grants access to Temu fulfillment APIs, so leakage could let another local user or monitoring system reuse the token to access or perform actions against shipping-related resources.

VirusTotal

VirusTotal findings are pending for this skill version.
