Yufluentcn Inventory Pilot

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a cloud-backed inventory analysis tool, but it sends sensitive business data and outcome reports to configurable remote endpoints without clear scoping or user control. The destination is whatever TOKENAPI_BASE_URL resolves to at run time (an empty string if the variable is unset), and each request carries a Bearer token in its Authorization header.

Review this skill before installing. Use it only if you are comfortable sending inventory, sales, stock, cost, and related business context to the configured Yufluent service, and verify that TOKENAPI_BASE_URL points to a trusted HTTPS endpoint before the first run. Send only the fields the analysis actually needs, and look for clear documentation or an explicit control for outcome reporting; the findings below show it is a separate channel from the core inventory request.
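As a concrete version of the checks recommended above, the following added example (not the skill's code and not part of this report) shows a guarded transport layer: the base URL is read from TOKENAPI_BASE_URL but rejected unless it is a plain HTTPS URL on an allowlisted host, the payload is reduced to an allowlist of core fields before it leaves the process and the dropped names are returned so the user can be told what stayed local, and the outcome-reporting channel stays off unless an explicit opt-in variable is set. The host name, the field list, the request paths and the SKILL_ALLOW_OUTCOME_REPORTING variable are assumptions made for illustration.

```python
"""Guarded transport for a cloud-backed skill: endpoint trust check, payload
minimisation and opt-in outcome reporting. Added example, not the skill's code."""
from typing import Dict, List, Mapping, Tuple
from urllib.parse import urlsplit

# Hosts the operator trusts. Assumed placeholder, not the real Yufluent host.
TRUSTED_HOSTS = frozenset({"api.yufluent.example"})

# Fields the core forecast/replenishment request is assumed to need; cost and
# contract data are deliberately not on the list.
CORE_FIELDS = frozenset({"sku", "on_hand", "daily_sales", "lead_time_days"})

# Hypothetical paths; the skill itself builds them in skill_run_url/agent_outcomes_url.
PURPOSE_PATHS = {"run_skill": "/skills/run", "outcome_report": "/agent/outcomes"}

# Assumed opt-in switch for the secondary outcome-reporting channel.
OPT_IN_VAR = "SKILL_ALLOW_OUTCOME_REPORTING"


class EndpointPolicyError(ValueError):
    """The configured endpoint does not satisfy the trust policy."""


def resolve_base_url(env: Mapping[str, str]) -> str:
    """Return TOKENAPI_BASE_URL only if it is a bare HTTPS URL on an allowlisted
    host. An unset variable is rejected here instead of being folded into an
    empty base URL and failing (or going astray) at send time."""
    raw = env.get("TOKENAPI_BASE_URL", "")
    if not raw:
        raise EndpointPolicyError("TOKENAPI_BASE_URL is not set")
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise EndpointPolicyError(f"refusing non-HTTPS endpoint: {raw}")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise EndpointPolicyError("endpoint must not carry credentials, query or fragment")
    if parts.hostname not in TRUSTED_HOSTS:
        raise EndpointPolicyError(f"host not in allowlist: {parts.hostname}")
    return raw.rstrip("/")


def endpoint_is_trusted(env: Mapping[str, str]) -> bool:
    """Boolean form of resolve_base_url for a pre-flight check."""
    try:
        resolve_base_url(env)
        return True
    except EndpointPolicyError:
        return False


def outcome_reporting_enabled(env: Mapping[str, str]) -> bool:
    """The secondary channel is off unless the operator turned it on."""
    return env.get(OPT_IN_VAR) == "1"


def minimise(payload: Mapping[str, object]) -> Tuple[Dict[str, object], List[str]]:
    """Keep only core fields; also return the names that were dropped so the
    caller can tell the user what stayed local."""
    kept = {k: v for k, v in payload.items() if k in CORE_FIELDS}
    dropped = sorted(k for k in payload if k not in CORE_FIELDS)
    return kept, dropped


def prepare_request(purpose: str, payload: Mapping[str, object],
                    env: Mapping[str, str]) -> Dict[str, object]:
    """Build, but do not send, the outbound request for one purpose."""
    if purpose not in PURPOSE_PATHS:
        raise ValueError(f"unknown purpose: {purpose}")
    if purpose == "outcome_report" and not outcome_reporting_enabled(env):
        raise PermissionError(f"outcome reporting is off; set {OPT_IN_VAR}=1 to enable")
    base = resolve_base_url(env)          # fails closed before any data is serialised
    body, dropped = minimise(payload)
    return {
        "url": base + PURPOSE_PATHS[purpose],
        "json": body,
        "dropped_fields": dropped,        # show these to the user before sending
        "headers": {"Accept": "application/json"},
    }


# Constructed sample payload with two fields that have no business leaving the host.
SAMPLE_PAYLOAD = {"sku": "A-100", "on_hand": 42, "daily_sales": 3.5,
                  "unit_cost": 12.0, "supplier_contract": "NET-30, 8% rebate"}
SAMPLE_ENV = {"TOKENAPI_BASE_URL": "https://api.yufluent.example/"}

if __name__ == "__main__":
    req = prepare_request("run_skill", SAMPLE_PAYLOAD, SAMPLE_ENV)
    print(req["url"], sorted(req["json"]), "dropped:", req["dropped_fields"])
```

The request is only prepared, not sent, so the caller can show the user the destination and the dropped field names first; that is the disclosure step the findings below say is missing. The Bearer token used by the original calls is left out here on purpose: it belongs in the sending layer, read from a secret store rather than the same environment that picks the endpoint.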

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
97% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
97% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",
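Both flows above are variable-mediated: the value of os.getenv is folded into url, and url is then handed to requests.post. The following added example (not SkillSpector's implementation and not the skill's code) shows how such a flow is found with a flow-insensitive pass over the Python AST: taint is propagated through simple assignments until nothing changes, then every network sink call that reads a tainted name is reported. The source it scans is constructed to mirror the excerpt; the names skill_run_url and run_skill are taken from the findings only as labels, and the path built inside the sample is made up.

```python
"""Variable-mediated taint tracking: os.getenv -> local variable -> requests.post.
Added example; not SkillSpector's implementation and not the skill's code."""
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional

# Calls whose return value is environment/credential data (taint sources).
TAINT_SOURCES = {"os.getenv", "os.environ.get"}
# Calls whose arguments leave the process (network sinks).
NETWORK_SINKS = {"requests.post", "requests.get", "requests.put", "requests.request"}


@dataclass
class Flow:
    variable: str      # tainted name that reached the sink
    source_line: int   # line where the name became tainted
    sink: str          # dotted name of the sink call
    sink_line: int     # line of the sink call


def dotted_name(node: ast.AST) -> Optional[str]:
    """'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def reads_taint(expr: ast.AST, tainted: Dict[str, int]) -> bool:
    """True if expr calls a taint source or reads an already-tainted name."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if isinstance(sub, ast.Call) and dotted_name(sub.func) in TAINT_SOURCES:
            return True
    return False


def find_env_to_network_flows(source: str) -> List[Flow]:
    """Flow-insensitive scan: propagate taint through simple assignments to a
    fixpoint, then report each sink call whose arguments read a tainted name."""
    tree = ast.parse(source)
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    tainted: Dict[str, int] = {}           # name -> line where it became tainted
    changed = True
    while changed:                         # iterate so a -> b -> c chains resolve
        changed = False
        for a in assigns:
            if not reads_taint(a.value, tainted):
                continue
            for target in a.targets:
                if isinstance(target, ast.Name) and target.id not in tainted:
                    tainted[target.id] = a.lineno
                    changed = True
    flows: List[Flow] = []
    seen = set()
    for call in ast.walk(tree):
        if not (isinstance(call, ast.Call) and dotted_name(call.func) in NETWORK_SINKS):
            continue
        for arg in list(call.args) + [kw.value for kw in call.keywords]:
            for sub in ast.walk(arg):
                if isinstance(sub, ast.Name) and sub.id in tainted and (sub.id, call.lineno) not in seen:
                    seen.add((sub.id, call.lineno))
                    flows.append(Flow(sub.id, tainted[sub.id], dotted_name(call.func), call.lineno))
    return flows


# Constructed sample mirroring the finding excerpt (not the skill's actual file).
SAMPLE = '''
import os
import requests

def skill_run_url(base, skill_id):
    return f"{base}/{skill_id}"

def run_skill(skill_id, payload, base_url=None, key=None):
    url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    resp = requests.post(url, json=payload, headers={"Authorization": f"Bearer {key}"})
    return resp.json()
'''

# Same shape with a fixed literal endpoint: no environment-derived flow.
CLEAN = SAMPLE.replace('os.getenv("TOKENAPI_BASE_URL", "")', '"https://api.example"')

if __name__ == "__main__":
    for f in find_env_to_network_flows(SAMPLE):
        print(f"Tainted flow: '{f.variable}' (line {f.source_line}) -> {f.sink} (line {f.sink_line})")
```

The scan is deliberately coarse: it is flow-insensitive, ignores attribute and subscript targets, and does not follow taint through function parameters, so base_url arriving from a caller would not be tracked. That is enough to reproduce the two findings above, and the false-positive risk is on the side of reporting a flow that a later check may sanitise, which is the right side for a pre-install review.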

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The skill includes a secondary telemetry-like capability that posts agent outcomes to a remote service, which is not clearly necessary for core inventory forecasting/replenishment behavior. Unnecessary outbound data channels increase privacy and data governance risk because users may provide business-sensitive inventory and sales information without expecting it to be reused for outcome tracking.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Several trigger phrases are broad, such as '库存管理' (inventory management) and 'inventory forecast', which can match common user requests and invoke the skill unexpectedly. Over-broad invocation increases the chance that sensitive business data is routed into this cloud-backed workflow without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Although the file mentions '云端 Harness' (cloud Harness) and a remote POST endpoint elsewhere, the skill description does not prominently and explicitly warn that seller sales and inventory data are sent to a cloud service for processing. This is a data handling transparency issue that can lead users to disclose commercially sensitive information without fully informed consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends seller-provided sales, inventory, stock, cost, and business context data to a remote cloud service via run_skill(...) without any explicit disclosure, consent prompt, or data-handling warning at the point of submission. In an inventory-management skill, these inputs can contain commercially sensitive operational data, so silent transmission increases privacy, confidentiality, and compliance risk even if the network call is expected behavior.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This code transmits user-provided payload data to a remote API but contains no user-facing disclosure, consent, or data-classification safeguards in the client layer. In the context of inventory and sales analysis, payloads may contain commercially sensitive business metrics, making silent transmission more risky than ordinary benign API usage.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The outcome-recording path sends payload data remotely without any visible disclosure in this file, despite being outside the obvious core function of inventory analysis. That increases the chance of undisclosed collection of operational or user interaction data, which can violate user expectations and internal data-handling policies.

VirusTotal

VirusTotal findings are pending for this skill version.
