Thrivecart

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Thrivecart integration, but it needs review because it can give an agent broad control over sensitive ecommerce records without clear confirmation rules.

Install only if you trust Membrane and the npm CLI package, and connect only a Thrivecart account you are comfortable delegating to an agent. Require explicit confirmation before purchases, refunds, subscription changes, invoice/customer edits, affiliate changes, or any raw POST, PUT, PATCH, or DELETE request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (90% confidence)
Finding:
The skill description is overly broad ('Manage data, records, and automate workflows' and 'use when the user wants to interact with Thrivecart data'), which can cause an agent to invoke this skill for loosely related requests without sufficient scoping. In a system that can authenticate, search actions, run actions, and proxy arbitrary API requests, broad triggering increases the chance of unintended access or modification of remote customer, subscription, or transaction data.

Missing User Warnings

Medium (95% confidence)
Finding:
The documentation instructs the agent how to run actions and send direct proxy requests, including arbitrary HTTP methods, but does not warn that these operations may create, modify, or delete live Thrivecart data. In this context, the omission is dangerous because the skill targets a production commerce platform handling customers, transactions, invoices, subscriptions, and affiliates, so an agent may perform destructive or financially significant operations without explicit user confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.
