Back to skill

Security audit

WordPress/WooCommerce Connector Lite

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward WooCommerce connector that uses a configured store secret to fetch store data, with some privacy and dependency-hardening cautions but no hidden or destructive behavior found.

Install only for agents and users authorized to view WooCommerce customer and order data. Configure OPENCLAW_STORE_URL with an HTTPS store you control, protect OPENCLAW_STORE_SECRET like an API key, avoid using order lookups in shared or untrusted chats, and consider updating/pinning dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares required environment variables, including a store secret, but does not declare corresponding permissions or clearly constrain access to sensitive configuration. This creates a transparency and governance gap: operators and users may not realize the skill depends on secrets and external store access, increasing the chance of over-privileged deployment or unintended secret exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly advertises access to customer order information, including customer info and line items, but provides no warning about handling personally identifiable information, least-privilege use, retention, or compliance obligations. In a skill meant to connect an AI agent to a live WooCommerce store, this omission can normalize broad access to sensitive customer data and increase the chance of unauthorized disclosure or misuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill handles a store secret and retrieves order details that may include customer information, but it provides no warning about sensitive data handling, privacy implications, or limits on data exposure. In an e-commerce context, this is more dangerous because order data commonly contains personal and commercial information, so users may invoke the skill without understanding the sensitivity of the returned data.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"description": "OpenClaw skill for WooCommerce integration",
  "main": "index.js",
  "dependencies": {
    "axios": "^1.6.0"
  }
}
Confidence
92% confidence
Finding
"axios": "^1.6.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2026-44494 (axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `co); CVE-2026-44495 (axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollut); CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/index.js:5