Neway Commerce Os

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent ecommerce site generator, but its scaffold script can delete an existing output folder without confirmation.

Install only if you are comfortable with a commerce scaffold that may generate payment, admin, AI, and deployment code needing review before production. Run the scaffold script only with a dedicated empty output directory, avoid pointing it at existing work, and add real Stripe webhook verification, secret management, test/live separation, privacy review, and locale-specific checkout/legal validation before using it for real transactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Vague Triggers

Medium
Confidence: 90%
Finding
The README says the skill can be invoked from a single natural-language sentence and even fed to any AI assistant, but it does not define clear activation boundaries, allowed scopes, or refusal conditions. In an agentic environment, that ambiguity can cause over-broad triggering, accidental execution on unrelated prompts, or unsafe generation of ecommerce/payment scaffolding without appropriate user confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README promotes production Stripe mode and external AI integration but omits security guidance on secret storage, webhook verification, least-privilege credentials, PII handling, test-vs-live separation, and the risks of real transactions. That omission increases the chance that downstream users will deploy generated code with unsafe defaults, exposing payment secrets, leaking customer data, or processing unintended live charges.

Missing User Warnings

Medium
Confidence: 92%
Finding
Automatically replacing images with Unsplash-hosted assets introduces unannounced third-party dependencies and external content loading. That can create privacy, licensing, and supply-chain concerns, especially in enterprise or offline build environments where external assets are prohibited or monitored.

Natural-Language Policy Violations

High
Confidence: 89%
Finding
The skill hardcodes Chinese-specific fonts, labels, validation patterns, shipping text, and checkout expectations without user choice. In the context of a broad commerce-site generator, this can silently produce locale-inappropriate flows, invalid form validation, and regulatory mismatches that may mis-handle user data or business logic for other regions.

Natural-Language Policy Violations

High
Confidence: 90%
Finding
Requiring all mock data to be Chinese-localized for every project broadens the same locale-forcing issue into generated content and admin flows. In a generally described commerce skill, this can mislead users, create unsuitable default business logic, and increase the chance that deployments ship with incorrect region-specific assumptions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script unconditionally deletes the computed output directory with shutil.rmtree() if it already exists, without any confirmation, dry-run, or safety guardrails. Because this is a scaffolding tool that takes user-supplied output paths, an operator can accidentally destroy an existing project directory and lose source files or local modifications, especially in automation or repeated runs.

VirusTotal

VirusTotal findings are pending for this skill version.