Add to Cart from Bitable

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate cart-automation purpose, but it can alter a live shopping cart and send results to a fixed Telegram account without enough user-controlled scoping.

Install only if you trust the Feishu table, the fixed Telegram recipient, and the browser profile it will use. Prefer changes that add a dry-run preview, require explicit approval before cart changes, restrict product URLs to expected shopping domains, and make Telegram notifications opt-in and user-configurable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium (95% confidence)

Finding: The skill includes an outbound Telegram notification step that is outside the stated scope of reading Bitable data and adding items to shopping carts. This expands data flow to a third party and could leak purchase details, URLs, or operational status without clear user consent.

Context-Inappropriate Capability

Severity: Medium (95% confidence)

Finding: Telegram messaging is not necessary to accomplish batch add-to-cart automation, so it represents unjustified external communication. In this context, the extra channel makes the skill more dangerous because it can exfiltrate procurement activity or item details to a fixed recipient identifier.

Missing User Warnings

Severity: Medium (93% confidence)

Finding: The skill performs account-affecting browser actions and also sends outbound Telegram notifications, but the documentation does not warn users about cart modifications, third-party data sharing, or consent requirements. In a shopping-account context, silent automation is more dangerous because it can alter a user's account state and disclose procurement information externally.

Missing User Warnings

Severity: Medium (95% confidence)

Finding: The script performs real browser automation against Taobao/Tmall product pages and directly clicks SKU, quantity, and "add to cart" controls without any explicit user confirmation, preview, or transaction boundary. In this skill's context, that behavior can modify a user's live shopping session and create unintended purchases or cart pollution if records are incorrect, tampered with, or processed unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.