Temu Price US

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs Review because it can use stored Temu credentials to change live pricing and exposes broad proxy, file download, and raw token utilities beyond a tightly scoped US price workflow.

Install only if you trust the LinkFox gateway and publisher with Temu seller credentials and live pricing authority. Use least-privilege or short-lived Temu tokens where possible, avoid printing raw tokens, protect or avoid the local token store, review every price-change payload before execution, and remove or ignore the generic proxy and file-download scripts if you only need the four US price APIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises network access, token handling, and local token persistence, yet no explicit permissions model is declared. That creates a trust gap: operators and users cannot easily see that the skill can read environment secrets, write files, and call external services, which increases the risk of unintended secret exposure or misuse of stored credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose is a narrow Temu US price-management wrapper, but the file also exposes generic proxying for arbitrary API types, signed file download, token validation, and token persistence utilities. This broader-than-declared behavior materially expands the attack surface and can let a caller use the skill for actions unrelated to price management, including accessing other Temu APIs or handling sensitive credentials in ways the description does not prepare reviewers for.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This helper explicitly retrieves a Temu access token from local storage and prints the raw credential to stdout. In an agent skill context, stdout is often captured by logs, tool traces, orchestration layers, or downstream model context, so this creates a direct secret-exfiltration path that can enable unauthorized API access and price-management actions.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This script introduces credential-storage behavior that is outside the advertised Temu US price-management scope, which expands the skill's effective privileges and attack surface. In an agent ecosystem, hidden or undocumented token-handling utilities are dangerous because they can enable later API access across other workflows without clear user awareness or scope restriction.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The script persists a sensitive Temu access token locally for reuse, but the stated purpose of the skill is price management rather than credential management. Storing reusable credentials without a clear need or lifecycle controls increases the risk of token theft, unintended cross-operation reuse, and privilege persistence beyond the current task.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
This file adds a signed file-download capability even though the skill is described as a Temu US price-management integration. Scope mismatch is dangerous because it expands the agent's reachable actions beyond user-expected pricing operations, enabling access to arbitrary signed resources if an attacker can supply or influence the URL parameter. In an agent environment, hidden cross-scope capabilities materially increase abuse potential and reduce the effectiveness of policy and user consent boundaries.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script is a generic Temu API proxy that accepts an arbitrary API type and parameter object, while the skill is declared as a narrowly scoped US price-management integration. That mismatch creates a capability-expansion issue: a caller can invoke unrelated Temu APIs through this skill, potentially bypassing intended permission boundaries, review expectations, and user consent tied to the manifest.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module documentation explicitly advertises a broad Temu API proxy and example usage for a non-price endpoint, contradicting the skill’s stated narrow US pricing purpose. This is dangerous because it signals and facilitates out-of-scope use, increasing the likelihood that operators or downstream agents invoke privileged APIs that were never intended to be exposed by this skill.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This script exposes a generic file-download capability through /temu/fileDownload, but the skill’s stated purpose is Temu US price management. Even though the code itself is small and only forwards parameters, this scope mismatch increases the chance that the skill can access or retrieve files unrelated to the user’s intended price-management workflow, creating an unnecessary data-access surface. In a gatewayed integration, such hidden auxiliary capabilities are dangerous because they may be invoked to fetch sensitive exports, reports, or other remote resources using the provided access token.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The documentation includes a batch SKU base-price modification flow against live commerce data without an explicit warning, confirmation step, or safety guidance. In a pricing context, accidental or misunderstood use can directly alter production pricing, causing financial loss, margin erosion, or marketplace policy issues.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation encourages storing a live Temu access token on disk in a predictable local path without clearly warning that the token is a sensitive credential or advising on filesystem permissions, encryption, or host hardening. If the workstation is shared, compromised, backed up insecurely, or the file permissions are too broad, an attacker could recover the token and use it to access or modify Temu business data through the API.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document instructs users to manually copy an access_token from the Temu seller backend and optionally save it to a local store, but provides no warning about credential sensitivity, storage protections, or exposure risks. Because this skill handles marketplace authorization for price-management APIs, compromise of the token could enable unauthorized API access and pricing changes with business impact.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code persists Temu access tokens to a local JSON file in plaintext, with no file-permission hardening, encryption, or user-visible warning about sensitive credential storage. If the host is multi-user, backed up, synced, or otherwise accessible to other local processes, the tokens could be recovered and used to access the associated Temu store APIs.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The file-download helper forwards both an access token and a user-supplied url to a backend download endpoint without any validation or allowlisting in this module. If the upstream gateway fetches arbitrary URLs, this can enable SSRF-style behavior or unauthorized access to internal resources via the gateway, and the presence of authentication in the same request increases the sensitivity of misuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script emits the full stored access token in JSON output without any warning or masking. This is dangerous because shell history, CI logs, agent transcripts, debugging output, or other observers can capture the token, and anyone obtaining it may impersonate the store and perform sensitive Temu pricing operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script enumerates locally stored Temu access tokens and allows unmasked output via the user-controlled {"mask": false} parameter. Even though it does not transmit tokens externally, printing credentials to stdout materially increases the chance of accidental disclosure through terminal history, logs, screenshots, or downstream tooling, which is especially sensitive in a skill handling production pricing operations.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The utility asks users to pass the access token directly on the command line and saves it to a local store without any warning about secure handling. Command-line secrets may be exposed through shell history, process listings, logs, or terminal recording, and local persistence compounds the exposure if the storage backend is not strongly protected.

VirusTotal

VirusTotal findings are pending for this skill version.
