喜乐姐真蚕丝喜被

Security checks across malware telemetry and agentic risk

Overview

This shopping skill matches its stated purpose, but it can create real orders and exposes stored delivery details with weak privacy controls.

Review before installing. Use it only if you are comfortable with a merchant backend receiving and retaining shipping information, and do not submit an order until product, price, quantity, phone, and address are correct. Prefer that the publisher add privacy terms, retention/deletion instructions, masked or verified order lookup, and narrower purchase-link triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill exposes external purchase/contact/payment channels, including a Douyin group-buy link and a WeChat contact, which expands the trust boundary beyond the core in-skill consultation and order workflow. This can route users to off-platform transactions or unverifiable communication channels, increasing phishing, fraud, and policy-bypass risk even if the links appear business-related.

Description-Behavior Mismatch

Severity: Low
Confidence: 96%
Finding
The order-status functionality returns the full delivery address for any requester who knows an order ID or phone number, with no authentication or verification step. Because phone numbers and order IDs are often guessable or leaked, this creates a direct privacy exposure of sensitive personal data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README advertises direct order placement and order-status lookup, but it does not disclose that these actions may send personal information or order identifiers to a remote backend. In a skill context, users may treat the assistant as local/trusted, so missing privacy and remote-service warnings can lead to unintentional disclosure of names, phone numbers, addresses, or order data.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The purchase-link rule forces tool invocation for a very broad set of common shopping terms such as 'price优惠' and 'link', increasing the chance that the skill activates or steers users into external purchase flows when they only wanted general information. In a commerce skill, aggressive trigger design can create unintended redirection, spammy behavior, or manipulation toward third-party links.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
Order-related triggers are broad for a real-world business action, and the skill proceeds into PII collection for fulfillment. Even though the document later requires confirmation before `place_order`, underspecified trigger scope can still cause the agent to begin a transactional flow prematurely and collect sensitive data without sufficiently clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to collect recipient name, phone number, address, and notes for a real order, but it provides no upfront privacy notice, retention statement, or transmission warning before gathering and sending that data to backend tools. In a commerce context, this increases the risk of uninformed disclosure of sensitive personal information and weakens user consent for data handling.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The endpoint exposes stored order information, including address data, to unauthenticated queries based only on order ID or phone number. The danger is not merely lack of disclosure; it is unauthorized access to retained PII, which enables privacy violations, stalking, and targeted social engineering.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The skill hard-codes a broad set of purchase-related trigger phrases and mandates immediate invocation of the purchase-link tool whenever they appear. This can cause the agent to steer users into a purchase flow on ambiguous queries, increasing the chance of unintended commercial redirection or premature ordering guidance without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The order-placement tool collects personal data including customer name, phone number, and physical address, but the manifest provides no privacy notice, retention policy, consent language, or handling safeguards. In a shopping skill, this materially raises privacy and data-protection risk because users may disclose sensitive delivery information without being told how it will be stored, shared, or protected.

VirusTotal

VirusTotal findings are pending for this skill version.