ClawHub

Yufluentcn Shopify Operator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud API client for Shopify operations coaching, but users should treat the API key and submitted store context as sensitive.

Install only if you trust Yufluent and intend to send your Shopify question, niche, store URL, and context to its cloud service. Keep TOKENAPI_KEY private, do not commit .env files, and leave TOKENAPI_BASE_URL unset unless you intentionally point it at a trusted service you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
91% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
91% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This CLI collects potentially sensitive inputs such as the user message, store URL, niche, and free-form context, then sends them to a remote API via run_skill() without any explicit notice, consent prompt, or redaction safeguards in this file. In a commerce/operations skill, those fields can easily contain business-sensitive data, internal strategy, or store identifiers, so silent transmission to a cloud service creates a real privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal