Pangolinfo Amazon Scraper

Security checks across malware telemetry and agentic risk

Overview

This Amazon-scraping skill is purpose-aligned but needs Review because it asks the agent to handle Pangolin credentials and store a permanent API key on disk.

Review before installing. Only use this skill if you are comfortable giving the agent access to Pangolin credentials and having a Pangolin API key stored in your home directory for future use. Prefer providing a scoped API key over email/password, rotate or delete ~/.pangolin_api_key when done, and avoid using this in shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill tells the agent to collect user API keys or email/password, write secrets to disk, and automate authentication/persistence. This exceeds simple Amazon scraping and creates a secret-handling workflow in natural language, increasing the chance of credential exposure, cross-session reuse, or misuse by the agent or host environment.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The instructions encourage the agent to solicit and handle highly sensitive credentials without a prominent warning about sensitivity, persistence, storage location, or security implications. Users may disclose secrets believing this is routine, without understanding that the API key will be cached on disk for future reuse.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation explicitly states that the script will automatically re-authenticate using email/password and later describes a fallback order that includes fresh login with stored credentials. In a skill that handles external scraping APIs, this behavior can cause credential use without clear user awareness or consent, increasing the risk of unintended secret exposure, unexpected outbound authentication, or misuse in shared/runtime environments.

Ssd 3

Severity: High
Confidence: 97%
Finding
This is a true secret-retention vulnerability: the skill defines a workflow where the agent asks for credentials, authenticates, and stores a long-lived API key permanently at ~/.pangolin_api_key. That creates durable secret persistence beyond the immediate task, raising risks of later unauthorized use, leakage to other tools/processes, or compromise if the host is shared.

VirusTotal

67/67 vendors flagged this skill as clean.
