Crossborder Ecom Hub

Security checks across malware telemetry and agentic risk

Overview

This ecommerce management skill is mostly purpose-aligned, but it needs review because it handles marketplace credentials and business data while offering high-impact sync/pricing actions without enough safeguards or disclosure.

Review before installing in any real seller environment. Prefer environment variables or a secrets manager over the config file, use least-privilege marketplace and Feishu credentials, avoid --apply and broad sync commands unless you have an external preview/approval process, and treat this version as a prototype because many marketplace API actions are mocked while Feishu syncing is real.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence
Severity: Medium
Confidence: 98%
Finding: The method is documented and named as if it configures a persistent inventory alert, but it only logs a message and returns success. This can mislead operators into believing low-stock monitoring is active when it is not, causing missed replenishment events and operational failures.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The skill explicitly promotes automatic syncing of commerce data to Feishu, but the documentation does not warn that product, order, inventory, and potentially customer-related business data will be transmitted to a third-party platform. In an e-commerce management context, silent or underexplained external export increases the risk of unintended data disclosure, compliance issues, and misuse of connected SaaS credentials.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The pricing commands describe automatic application of competitive or aggressive strategies without clearly warning that they can change live marketplace prices across connected platforms. In a multi-platform commerce skill, this can directly trigger unintended price changes, margin loss, policy violations, or cascading business impact if a user assumes the operation is only advisory.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The remove path deletes a configured platform immediately based on user input, with no confirmation prompt, dry-run, or explicit warning. In a CLI that manages platform integrations and credentials, accidental invocation, scripting mistakes, or operator error can cause unintended loss of configuration and service disruption.

Missing User Warnings
Severity: Medium
Confidence: 72%
Finding: The report sync sends the entire serialized report object to an external SaaS endpoint via the 数据 field, which can unintentionally include sensitive business or personal data beyond the explicitly mapped summary fields. Because the upload is broad and opaque, downstream callers may leak confidential internal data to Feishu without realizing the full report payload is being exfiltrated.

Missing User Warnings
Severity: Medium
Confidence: 83%
Finding: The export functions write full order records, including customer-identifying data, directly to an arbitrary filesystem path with no confirmation, access control, minimization, or disclosure. In an agent or automation context, this can silently persist sensitive business and customer data to disk where it may be over-retained, exposed to other local users/processes, or written to unintended locations.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: PlatformManager persists full platformConfig data, including API credentials, to ~/.crossborder-ecom/config.json in plaintext without encryption, permission hardening, or user disclosure. If the local machine is multi-user, compromised, backed up insecurely, or the home directory is exposed, an attacker could recover marketplace API keys and gain unauthorized access to connected seller accounts.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: `applyPricing` performs bulk price changes across one or more platforms immediately, with no confirmation prompt, dry-run mode, approval gate, or rollback protection. In an agent skill context, this is dangerous because an incorrect option, bad upstream data, or unintended invocation can silently modify live product pricing at scale and cause financial loss or business disruption.

VirusTotal

66/66 vendors flagged this skill as clean.