ClawHub

Temu Returns Refunds Global

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Temu returns/refunds, but it also stores and exposes reusable Temu tokens locally and includes generic proxy tools that can call broader Temu APIs.

Install only if you trust LinkFox with Temu merchant credentials and returns/refunds data. Avoid saving production access tokens with this skill unless the local machine is single-user and protected; prefer short-lived tokens or a secure secret manager, and rotate any token that has been printed, logged, or stored insecurely. Review generic proxy use carefully because it can call Temu APIs beyond the documented returns/refunds workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill includes scripts to save, list, and retrieve Temu access tokens locally, which expands the attack surface beyond simple returns/refunds API forwarding. Storing reusable access tokens on disk can expose sensitive merchant credentials to other local users, malware, backups, or accidental disclosure, especially when no storage protections or retention limits are described.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This helper retrieves and returns a generic Temu access token from local storage based only on caller-supplied parameters, without constraining the token to the returns/refunds capability of this skill. In an agent-skill context, that creates a privilege-boundary problem: any workflow that can invoke this script may obtain reusable marketplace credentials and repurpose them for unrelated APIs, enabling cross-scope misuse and broader account compromise.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This script enumerates locally stored Temu access tokens and even supports unmasking them via a user-controlled parameter. For a skill focused on returns/refunds APIs, a token-listing utility is unnecessary and materially increases the risk of credential disclosure, enabling unauthorized API access if a local user, compromised agent, or adjacent tooling invokes it.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script is explicitly designed to persist a reusable access token locally, and nothing in this file indicates encryption, expiry enforcement, or storage hardening. In a skill scoped to returns/refunds operations, retaining broad reusable credentials increases blast radius if the local environment, logs, or token store are compromised.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This script exposes a generic signed file-download capability even though the skill is described as limited to Temu Global returns/refunds workflows. Scope mismatch is dangerous because it can enable access to documents or artifacts outside the declared business function, especially if downstream authorization relies on the caller having access to this skill rather than enforcing per-file or per-purpose checks.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file advertises and implements a generic Temu API proxy, which conflicts with the skill's declared returns/refunds-only purpose. In an agent setting, this scope mismatch can let users invoke unrelated Temu operations through the skill, effectively expanding privileges beyond what reviewers and policy expect.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
`build_request` accepts an arbitrary caller-supplied `type` and forwards arbitrary `params` to the backend proxy without enforcing that the operation belongs to returns/refunds workflows. Because `accessToken` is also supplied by the caller and forwarded directly, this creates a general-purpose API tunnel that can be used for unintended Temu actions under the user's credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The markdown explicitly describes saving access tokens locally but gives no warning that credentials will be written to disk. Users may provide high-value API tokens without realizing they will persist beyond the session, creating avoidable exposure if the host is shared, compromised, or backed up insecurely.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises external gateway proxy calls and signed file downloads, but does not clearly warn users that business data, order/after-sales information, and possibly credentials will be transmitted to third-party endpoints. In the returns/refunds context this can involve sensitive commercial and customer-related data, so lack of transparency increases privacy and data handling risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document explicitly recommends storing a Temu access token on disk in a predictable local file path, but it does not warn that this token is a sensitive credential or provide guidance on securing the file. If the host is shared, compromised, backed up to insecure locations, or the file permissions are too broad, an attacker could recover the token and use it to call Temu business APIs through the gateway.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document instructs users to send sensitive Temu credentials (`accessToken`, `storeKey`, LinkFox API key, and auth headers) through a third-party gateway, but it does not include any warning about credential sensitivity, logging exposure, storage practices, or least-privilege handling. In an API-integration skill, this omission can lead users to paste production secrets into tooling or channels they do not fully trust, increasing the risk of credential leakage or misuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly exposes an API that returns personally identifiable return-contact data, including recipient name, email, phone numbers, and full postal address, but provides no privacy guidance, purpose limitation, masking requirements, or access-control expectations. In the context of an agent skill, this increases the risk that downstream agents or users may retrieve and handle sensitive address data more broadly than necessary, leading to privacy leakage or misuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to manually copy a Temu access token from the seller backend and optionally save it to a local store, but it provides no guidance on secure handling, storage, masking, or rotation of this credential. Because this skill is specifically about proxying Temu returns/refunds APIs, the token likely grants access to sensitive commerce operations, so mishandling could enable unauthorized API calls, account abuse, or exposure of store data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide explicitly instructs users to copy an access token from the seller portal and save it for later API use, but it does not clearly warn that the token is a sensitive credential equivalent to account/API access. In a skill that helps route Temu API calls through a gateway, normalizing token copying and storage without handling guidance increases the chance of accidental disclosure, insecure storage, or reuse in logs and prompts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code persists Temu access tokens in plaintext JSON on local disk without setting restrictive file permissions, encryption, or any warning to users that long-lived credentials are being stored. If the host is multi-user, backed up insecurely, or compromised by malware, these tokens can be copied and used to access partner APIs and aftersales operations for connected stores.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the raw access token to stdout in JSON, which makes the secret likely to be captured in agent transcripts, shell history, logs, debugging output, or upstream orchestration systems. Because bearer tokens are directly reusable credentials, disclosure can let an attacker invoke Temu APIs as the linked store until the token expires or is rotated.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The utility invites users to pass a raw access token on the command line and save it locally, but provides no user-facing warning that the credential will be persisted. This is dangerous because users may unknowingly expose the token through shell history, process inspection, or insecure local storage, creating avoidable credential leakage risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal