Temu Promotion EU

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches Temu promotion automation, but it also exposes broad Temu API access and weak local handling of sensitive access tokens.

Install only if you trust the LinkFox gateway and need Temu seller-account automation. Prefer the dedicated EU promotion scripts, avoid the generic proxy for unrelated Temu APIs, use least-privileged and revocable tokens, and avoid saving or printing raw access tokens in logged terminals or agent traces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documentation instructs users to persist Temu access tokens locally and retrieve them later via helper scripts, even though this skill is promotion-focused and does not inherently require a local credential store. Expanding the skill surface to include credential storage increases the risk of token exposure, misuse across shops or APIs, and accidental leakage from developer machines or shared environments.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This helper supports token purposes and shop types far beyond the skill's stated EU promotion scope, including order-shipping, product-inventory, full-managed, and local-native flows. In a skill that should only handle promotion APIs, this creates scope expansion that can enable collection or use of broader account credentials than users would reasonably expect.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The declared valid token purposes include product-inventory and order-shipping, which are unrelated to a promotion-only skill. That mismatch increases the chance that operators will obtain overly privileged tokens and reuse this skill outside its intended boundary, violating least privilege.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The usage hint explicitly says the token is for semi-managed product and inventory APIs, which contradicts the promotion-focused skill purpose. This can mislead users into authorizing broader API access and using the skill as a gateway for non-promotion operations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script accepts an arbitrary API "type" and forwards it to a generic Temu proxy endpoint, enabling access well beyond the promotion-only scope declared in the skill metadata. This creates a scope-expansion vulnerability: users invoking a promotion skill could reach unrelated Temu APIs, potentially including product, pricing, order, or other privileged operations, defeating least-privilege and policy boundaries.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module docstring explicitly presents the tool as a general "Temu API Proxy" and even demonstrates a non-promotion example API type, reinforcing that the implementation is intentionally broader than the skill's stated purpose. In security-sensitive agent ecosystems, misleading or overbroad capability framing increases the risk of misuse, accidental policy bypass, and unsafe routing by downstream components or operators.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger conditions are very broad and include common promotion-related terms, so the skill may activate in conversations that only loosely mention discounts, campaigns, or inventory promotions. In a skill that can access tokens, write files, and call external APIs, overbroad activation raises the risk of unintended execution, data transmission, or user confusion about which integration is being invoked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly routes requests through an external gateway and references scripts for saving and reading access tokens locally, yet it does not prominently warn that user data and credentials may be transmitted off-platform or stored on disk. In a commerce integration handling API keys and access tokens, this omission materially increases the risk of credential leakage, unauthorized reuse of tokens, and improper handling of sensitive business data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The markdown explicitly recommends storing sensitive Temu access tokens in a local JSON file and shows commands that include raw tokens, but it provides no warning about secret handling, shell history exposure, file permission hardening, or secure storage alternatives. In a skill that helps operators manage promotion APIs, this makes credential compromise more likely because users are encouraged to handle long-lived business tokens in an unsafe way.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API reference explicitly instructs users to send sensitive credentials (`Authorization`, `Token`, `LINKFOXAGENT_API_KEY`, `accessToken`, or `storeKey`) through a third-party gateway but does not provide any warning about credential sensitivity, storage, logging, or privacy implications. In a skill that proxies e-commerce platform operations, this increases the risk of accidental credential exposure, misuse, or over-sharing by users who may not realize these tokens grant store-level access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to copy a Temu access token from the seller backend and optionally save it to a local store, but provides no handling safeguards, storage requirements, masking guidance, or warnings about credential sensitivity. Because this skill is specifically about proxying authenticated e-commerce API calls, exposing or insecurely persisting access tokens could allow unauthorized access to store data and operations such as promotions, coupons, and campaign management.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide tells users to manually copy and save an access_token but does not clearly warn that it is a sensitive credential granting API access. In this context, that omission is dangerous because users may paste, store, or transmit the token insecurely, enabling account/API compromise if exposed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Multiple step lists instruct users to copy access tokens and in one case save them with another script, but they provide no disclosure about credential sensitivity or secure storage expectations. Because this skill already exceeds its stated scope, normalizing casual token handling further increases the risk of accidental leakage and misuse of privileged credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code persists access tokens in plaintext JSON on the local filesystem and does not set restrictive permissions or provide any warning about where sensitive credentials are stored. On multi-user systems, shared environments, backups, or compromised hosts, these tokens may be exposed and reused to access the Temu seller account APIs.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the retrieved access token in plaintext JSON to stdout, which can leak credentials into logs, terminal scrollback, orchestration traces, or downstream tooling. In an agent/skill environment, stdout is often captured automatically, making secret exposure substantially more likely and potentially enabling unauthorized API access with the leaked token.

VirusTotal

66/66 vendors flagged this skill as clean.
