Temu Manage Product EU

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it handles powerful Temu store credentials and live product changes with broad proxy tools and weak local token protection.

Install only if you trust LinkFox and intend to let this skill operate on live Temu EU product data. Prefer passing short-lived tokens only when needed, avoid saving tokens locally unless the machine is private and protected, do not run generic proxy or file-download helpers for unrelated API types, and require explicit human confirmation before deletion, full product updates, stock/status changes, or compliance edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation clearly indicates capabilities to read environment variables, write local files, and make outbound network requests, yet no declared permissions are provided. This creates a transparency and governance gap: users and the hosting platform cannot accurately assess or constrain what the skill can access, increasing the risk of secret exposure, unintended persistence of tokens, or unauthorized API calls.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This module persists Temu access tokens to a local JSON file and retrieves them later, which creates a credential-at-rest exposure if the host is shared, compromised, or backed up insecurely. In the context of an agent skill for product-management APIs, storing reusable access tokens locally increases the blast radius beyond the immediate operation and is sensitive credential handling that should be minimized and protected.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This script exposes a generic signed-file download capability even though the skill is described as an EU Manage Product integration focused on product-management endpoints. Broad file retrieval can expand the skill's effective authority beyond its declared scope and may enable unintended access to arbitrary Temu-signed resources if users or upstream tooling assume the skill is limited to product actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This skill is designed to perform destructive and high-impact product-management operations such as deleting products, editing inventory, and changing sale status, but the description provides no explicit warning, confirmation requirement, or safety guardrails. In an agentic setting, this increases the chance of accidental or socially engineered execution causing business disruption, delisting, or inventory corruption.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document explicitly recommends storing Temu access tokens locally and provides commands to save them, but it does not clearly warn that these are sensitive long-lived credentials whose compromise could enable unauthorized product-management actions. In this skill context, the token grants access to inventory, listing, compliance, and product management APIs, so insecure local storage materially increases the risk of account misuse if the workstation, home directory, backups, or logs are exposed.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This documentation describes a live product compliance edit operation that can change qualification documents, photos, responsible-person assignments, and governance attributes, but it does not clearly warn that requests may overwrite existing compliance data on real products. In an agent skill context, missing mutation-risk guidance increases the chance of unintended destructive or unauthorized changes, especially because the API targets production Manage Product workflows rather than read-only queries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation describes a full product update endpoint where `skuList` must contain the complete SKU set, but it does not clearly warn that omitted fields or SKUs may be overwritten, cleared, or lost during a full update. In a product-management skill, that omission is operationally dangerous because users or downstream agents may construct partial payloads and unintentionally destroy live catalog data, inventory metadata, images, or compliance-related fields.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This documentation exposes a destructive product-deletion capability but does not clearly warn that the action is irreversible or requires elevated confirmation. In an agent-driven context, omission of such guardrails increases the chance of accidental or unauthorized deletion because users or downstream tooling may treat it like a routine read/write operation rather than a high-risk destructive action.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document tells users to manually copy an access token from the Temu seller backend and optionally save it to a local store, but provides no guidance on secure handling, storage protections, masking, rotation, or least-privilege use. In this skill context, the token appears to authorize sensitive product-management operations such as editing, deleting, inventory changes, and listing status changes, so token leakage could directly enable unauthorized business-impacting actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code writes access tokens to disk automatically without any user-facing consent flow or warning, so operators may not realize sensitive credentials are being persisted on the machine. This is dangerous because product-management tokens can enable inventory, listing, and deletion actions, and silent persistence makes accidental exposure through filesystem access, backups, or support bundles more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script retrieves a stored access token and emits it directly to stdout in JSON. Access tokens are sensitive credentials, and printing them to standard output increases the chance of accidental disclosure through shell history, terminal scrollback, logs, agent transcripts, or downstream tooling that captures command output. In this skill context, the token grants access to Temu product-management APIs, so exposure could enable unauthorized inventory changes, listing edits, product deletion, or other account actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This script explicitly accepts a Temu access token via command-line JSON and stores it locally for later reuse. Passing secrets on the command line can expose them through shell history, process listings, audit logs, or agent telemetry, and the script provides no warning or safer input mechanism despite handling highly sensitive credentials.

VirusTotal

VirusTotal findings are pending for this skill version.
