TikTok Shop Automation

Security checks across malware telemetry and agentic risk

Overview

This is a real TikTok Shop automation skill, but it needs review because it can affect live store operations, customer data, and account credentials without enough safeguards.

Install only after reviewing the code and using mock mode first. Do not provide production TikTok credentials or session cookies unless you accept local plaintext storage risk, verify all Feishu webhook/table destinations, and require human approval before fulfillment, refunds, video publishing, stock updates, customer export, or recurring automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The exported getCurrentAccount function shadows the imported binding and then calls itself recursively, causing infinite recursion and a stack overflow whenever other modules invoke it. In an account-management skill, this can reliably break dependent functionality and be used to trigger a denial of service for any workflow that needs the current account.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README promotes autonomous order processing and automatic competitor-price adjustment without any warning, approval controls, rollback guidance, or discussion of operational risks. In an e-commerce automation skill, these actions can directly affect orders, pricing, revenue, customer experience, and platform compliance, so presenting them as simple examples increases the chance of unsafe deployment.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises automated order confirmation, fulfillment, refund handling, and customer notifications without clearly warning that these actions can directly affect real transactions, finances, and customer records. In an e-commerce context, unattended or poorly reviewed automation can cause unauthorized refunds, mistaken shipments, or bulk operational changes at scale.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documented commands include destructive and sensitive operations such as product deletion, refunds, and customer data export, but they are presented as ordinary commands without prominent warnings about irreversible effects or privacy implications. This increases the risk that a user or downstream agent executes them casually, leading to data loss, financial impact, or exposure of customer information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The examples enable scheduled automation and auto-fulfillment behavior with no caution about unattended execution, exception handling, or rollback limitations. In a live commerce system, recurring jobs and automatic order actions can amplify misconfiguration into large-scale financial, inventory, and customer-service incidents.

Missing User Warnings

Medium
Confidence: 97%
Finding
The CLI requires a session cookie via `--cookie`, which exposes the secret in shell history, process listings, audit logs, and CI/CD invocation logs. In this skill's context, that cookie likely grants direct access to TikTok accounts, so leakage can enable account takeover, fraudulent actions, or unauthorized automation.

Missing User Warnings

Medium
Confidence: 83%
Finding
The function automatically sends competitor-monitoring alert content to Feishu when `options.alert` is set, without any consent flow, confirmation, or local disclosure in this code path. In an analytics skill, silently forwarding business intelligence to an external messaging platform can leak sensitive commercial information to unintended recipients if the Feishu integration is misconfigured or broadly accessible.

Missing User Warnings

Medium
Confidence: 91%
Finding
The code interactively collects TikTok API credentials and Feishu tokens/webhook URLs, then persists them to a local config file without clearly warning the user that these secrets will be stored on disk. This increases the risk of accidental credential exposure through weak file permissions, backups, shared machines, or later exfiltration by other local processes.

Missing User Warnings

Medium
Confidence: 79%
Finding
When low-stock items are detected, the function sends product inventory details to Feishu if Feishu is enabled or a notifyEmail option is present, but there is no explicit user confirmation at send time and the condition is misleading because notifyEmail can trigger Feishu delivery. This can cause unintended external disclosure of operational business data such as product titles and stock levels to a third-party messaging platform.

Missing User Warnings

Medium
Confidence: 84%
Finding
This code exports order and customer data, including names and email addresses, to Feishu tables and webhooks without any visible minimization, consent check, or policy guardrail. In an agent/automation context, that increases the risk of unintended third-party data disclosure, especially if configuration points to the wrong tenant, table, or webhook.

VirusTotal

64/64 vendors flagged this skill as clean.
