Temu Price EU

Security checks across malware telemetry and agentic risk

Overview

This Temu EU pricing skill is not malicious, but it should go to Review because it handles powerful marketplace tokens, can change live prices, and includes broader proxy, download, and token-exposure utilities than the narrow pricing purpose requires.

Install only if you trust the publisher and are comfortable giving the skill access to live Temu seller tokens and LinkFox gateway access. Before use, avoid storing long-lived tokens in plaintext, do not use the unmasked token listing or raw token output in shared logs, and require explicit human confirmation before any SKU price-change request. Prefer a version that removes the generic multi-site proxy/file-download utilities or strictly limits them to EU pricing endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The script retrieves and prints a generic Temu access token based on user-supplied store, site, management type, and purpose, without constraining it to the skill's stated EU price-management scope. In an agent-skill context, this creates a reusable credential extraction primitive that can be repurposed for broader Temu API access than users would expect from a narrowly described pricing skill.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The code exposes a reusable mechanism to extract stored API credentials and emit them directly to stdout, which is unnecessary for ordinary price-management workflows. Because the token is returned in raw form, any downstream tool, prompt, or log consumer can reuse it to perform unrelated actions against Temu APIs, turning the skill into a credential broker.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The docstring and sample usage suggest benign local token retrieval, but the parameters explicitly allow non-EU sites and arbitrary token purposes, contradicting the skill manifest's narrow EU pricing description. This mismatch increases the risk of operator confusion and covert misuse because reviewers may underestimate the breadth of credential access the script enables.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
This script enumerates locally stored Temu access tokens and can optionally print them unmasked via the user-controlled `{"mask": false}` parameter. Access tokens are sensitive credentials, and exposing them is unrelated to the stated EU price-management functionality, so the script materially increases the risk of credential disclosure, account takeover, and unauthorized API use.

Context-Inappropriate Capability

Severity: Medium
Confidence: 85%
Finding
This utility accepts a raw access token via command-line arguments and persists it to a local store for later reuse. Storing bearer tokens locally and passing them on the command line can expose credentials through shell history, process listings, logs, backups, or weakly protected local files, which is more dangerous because the advertised skill purpose is EU price management rather than credential management.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
This script exposes file-download functionality even though the skill is described as Temu EU price-management only. That capability expansion can let callers fetch arbitrary remote files or sensitive exports through the gateway path, creating a scope mismatch that may bypass user expectations, policy review, or least-privilege assumptions. In this skill context, the mismatch is more dangerous because users and reviewers would reasonably assume only price-order operations are available.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
This script implements a Temu signed file download capability, but the declared skill scope is limited to Temu EU price-management operations such as querying price orders and changing SKU prices. A capability mismatch like this is dangerous because it expands the skill into data retrieval outside user expectations, creating an unexpected path to access arbitrary signed resources via the gateway.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The code accepts an arbitrary user-provided URL and forwards it to a file download API without demonstrating any restriction that the URL must belong to an approved Temu domain or correspond to a known price-management artifact. In the context of a price-management skill, this creates unjustified arbitrary retrieval capability that could be abused to access sensitive signed files unrelated to pricing if an attacker can supply or obtain such URLs.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The script is implemented as a generic Temu proxy: it accepts an arbitrary user-supplied `type` and forwards it to the backend without restricting it to the EU price-management APIs described in the skill manifest. In a skill advertised for narrow EU pricing operations, this creates a scope-bypass that can expose unrelated Temu capabilities and enable unintended actions through the LinkFox gateway.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The manifest and description position this as a Temu Europe pricing skill, but the code only calls a generic `validate_site()` helper and does not enforce `site=eu`. That mismatch lets callers target other regions, undermining least privilege and expanding the skill beyond its declared trust boundary.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The skill documents use of access tokens and local token storage but provides no warning about credential sensitivity, local persistence risks, or access control expectations. This can lead users to store long-lived marketplace tokens insecurely, increasing the chance of account compromise or unauthorized API actions if the host is shared or breached.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The examples include batch SKU price modification against live marketplace data without a clear warning that the operation can change production pricing at scale. In a commerce context, silent or poorly signposted write actions can cause immediate financial loss, pricing errors, or operational disruption if invoked accidentally or with the wrong token/store.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs users to persist Temu access tokens locally in a JSON file and demonstrates pasting raw secrets into command lines, but it does not provide explicit guidance on file permissions, encryption, shell history exposure, or secret rotation. Because these tokens grant access to business APIs, insecure local storage or command history leakage could allow credential theft and unauthorized API actions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This documentation describes a live batch price-modification capability for Temu EU SKUs, including concrete request structure and example payloads, but does not prominently warn that the operation changes production pricing and may have immediate commercial effects. In an agent skill context, omission of a confirmation/safety warning increases the risk that an automated agent or user triggers unintended bulk price changes, causing financial loss, listing disruption, or downstream pricing/order issues.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The document instructs users to copy a Temu `access_token` from the seller backend and optionally save it to a local store, but it does not include any safeguards for handling, storage, masking, rotation, or least-privilege use of that credential. Access tokens are sensitive bearer secrets, so exposing them in copy/paste workflows or persisting them locally without explicit controls increases the risk of token leakage, account misuse, and unauthorized API access.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code persists Temu access tokens in plaintext JSON on local disk and does not set restrictive file permissions or provide any warning that sensitive credentials are being stored. On a multi-user system, shared workstation, or compromised host, these tokens could be read from the filesystem and reused to access or modify partner pricing data through the linked APIs.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script prints the full access token in JSON to stdout, which is commonly captured by shell history, CI logs, agent transcripts, or observability systems. In a tool-using agent environment, stdout disclosure is especially dangerous because secrets can be unintentionally propagated to other tools or exposed to users and logs beyond the trusted boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
