Yufluentcn Ecommerce Render

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate cloud rendering skill, but it needs review because its billing API key and render data can be sent to a configurable endpoint and it includes an under-documented outcome-reporting helper.

Install only if you trust Yufluent and any TOKENAPI_BASE_URL you configure. Treat TOKENAPI_KEY as a billing secret, do not commit it, prefer a trusted HTTPS service URL, and avoid sending confidential product or business data unless remote rendering is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
93% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
93% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Description-Behavior Mismatch

Medium
Confidence
79% confidence
Finding
The file includes an outcome-reporting capability that is not described by the skill's stated ecommerce rendering purpose. Hidden or undocumented secondary data flows increase the chance of unexpected data disclosure because callers may provide content assuming the skill only renders templates, not that it also reports results elsewhere.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
Telemetry/evaluation submission is not obviously necessary for template rendering, so it creates a secondary exfiltration path for potentially sensitive content, performance data, or identifiers. In a skill marketed for image/template generation, this mismatch makes the behavior more suspicious and more likely to surprise integrators.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README directs users to place an API key in environment variables and call a server-rendering endpoint, but it does not warn that the key is sensitive or that product/render data will be sent to a remote service. This can lead users to expose credentials in shells, logs, screenshots, or misconfigured environments, and to transmit potentially sensitive business content off-host without informed consent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrase '模板渲染' is broad enough to match many generic rendering or design-related requests, which can cause the skill to activate outside its narrow ecommerce template-rendering scope. Over-broad activation increases the chance of unintended data collection, accidental remote API calls, or billing events when the user did not specifically intend to invoke this vendor service.

Missing User Warnings

Medium
Confidence
70% confidence
Finding
The code sends arbitrary payload data and a bearer token to an external service without any built-in disclosure, confirmation, or guardrails. While external API calls are expected for a cloud rendering client, the absence of transparency increases the risk that users unknowingly transmit sensitive business content or secrets embedded in payloads.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The outcome-recording function transmits payload data and the API key to a remote endpoint without any explicit indication in the skill description that telemetry occurs. Because this is ancillary to rendering, the lack of disclosure is more concerning than the primary rendering API call.

VirusTotal

VirusTotal findings are pending for this skill version.
