Ecomm Ai Voice Agent

Security checks across malware telemetry and agentic risk

Overview

The skill matches its ecommerce voice-agent purpose, but it needs Review because its workflows can contact customers and change order records through webhooks with no visible authentication or privacy safeguards.

Review before installing in production. Add webhook authentication or signature checks, schema validation, rate limits, opt-in/opt-out and do-not-call controls, least-privilege provider tokens, restricted Sheet/CRM access, retention rules, audit logging, and manual review for high-value or destructive order changes. Use sandbox credentials first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
This callback handler does more than log call results: it updates order state to confirmed or cancelled based solely on webhook-supplied call outcome data. Without visible authentication, signature verification, or integrity checks on the callback, an attacker who can hit the webhook could forge outcomes and trigger unauthorized business actions such as confirming fraudulent orders or cancelling legitimate ones.

Intent-Code Divergence

Low
Confidence: 80%
Finding
The workflow maps a 'declined' voice outcome into a platform update named and implemented as 'cancelled', which can change the business meaning of the customer's response. This mismatch can cause unintended cancellations and may bypass any separate review or retry logic intended for simple declines.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The workflow ingests transcript and summary fields from an inbound webhook and forwards the resulting call context to downstream internal webhooks, while also persisting summary data to a Google Sheet. For a customer-callback flow, storing and redistributing call content increases privacy exposure and creates unnecessary retention of potentially sensitive customer data without any minimization or filtering visible in this file.

Context-Inappropriate Capability

Low
Confidence: 84%
Finding
The workflow reads entire customer and order sheets, then performs matching in code, which exposes broad datasets to this execution path instead of querying only the needed customer/order record. This over-broad access increases the blast radius if the webhook is abused or the workflow is misconfigured, since unrelated customer and order information becomes available to the run.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly describes processing customer names, phone numbers, emails, order details, call transcripts, and CRM data across multiple third-party services, but provides no privacy notice, consent requirements, retention guidance, or jurisdiction-specific compliance considerations. In a voice-calling eCommerce workflow, this omission is security-relevant because operators may deploy it in ways that violate privacy, telemarketing, or data-protection obligations, especially where call recording/transcription and outbound campaigns are involved.

Vague Triggers

Medium
Confidence: 95%
Finding
The workflow exposes a public POST webhook for new-order intake but shows no authentication, signature verification, source allowlisting, or schema-based validation before persisting and routing the data. An attacker who discovers the endpoint can submit forged orders containing arbitrary customer data, trigger downstream voice/SMS workflows, and pollute records, making this an actual unauthorized event-ingestion risk rather than just a design observation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The workflow writes customer name, phone, email, order details, and payment context into Google Sheets, creating a secondary store of sensitive customer data. In this skill context, that materially increases exposure because spreadsheets are often broadly shared, weakly audited, and retained indefinitely, so compromised or misconfigured access can leak a large set of order PII.

Vague Triggers

Medium
Confidence: 94%
Finding
This workflow exposes a POST webhook that immediately triggers an outbound customer call using attacker-controlled order fields, but it shows no authentication, signature verification, source allowlisting, or validation of the incoming payload. In this eCommerce voice-agent context, unauthorized invocation could be abused to place spam or harassing calls, inject misleading speech content, and generate operational cost and reputational damage at scale.

Vague Triggers

Medium
Confidence: 91%
Finding
The workflow is triggered by a broad public POST webhook path with no visible narrowing controls such as authentication, source validation, or request schema enforcement. In this skill context, that is dangerous because the webhook directly feeds order state changes, logging, retry queuing, and customer messaging actions.

Vague Triggers

Medium
Confidence: 95%
Finding
The workflow exposes a POST webhook that can trigger outbound WhatsApp/SMS messaging, yet the file shows no authentication, signature verification, source allowlisting, or payload validation. In this context, an attacker who discovers or guesses the endpoint could abuse it to send unauthorized customer messages, create spam/financial cost, and manipulate order-confirmation flows.

Missing User Warnings

High
Confidence: 92%
Finding
Customer free-text inquiries, which may contain order details, contact data, or other sensitive information, are sent to OpenAI without any visible consent, minimization, or filtering. In a customer-support context this is more dangerous because the webhook accepts arbitrary user input and forwards it to a third party, creating privacy, compliance, and data-governance risk.

Missing User Warnings

High
Confidence: 90%
Finding
The workflow logs customer phone numbers and response summaries to Google Sheets, a third-party data store, without any visible disclosure, minimization, or retention controls. In this context, logging support interactions and potentially model-generated summaries can accumulate sensitive customer data in an easily shared medium, increasing privacy and unauthorized-access risk.

Vague Triggers

Medium
Confidence: 97%
Finding
The workflow exposes a POST webhook that performs order status changes without any visible authentication, signature verification, source allowlisting, or validation of who is permitted to invoke it. Because the endpoint can directly update Shopify or WooCommerce orders, an attacker who discovers or reaches the webhook could tamper with order states at scale, causing fraud, fulfillment disruption, or customer-impacting changes.

Vague Triggers

Medium
Confidence: 94%
Finding
The webhook exposes a generic POST endpoint with no authentication, signature validation, allowlist, or secret token check shown in the workflow. An attacker who discovers the endpoint could submit arbitrary records, poison CRM data, trigger unwanted HubSpot contact creation, and abuse the system for spammy or misleading entries.

Vague Triggers

Medium
Confidence: 80%
Finding
This workflow automatically initiates outbound calls on a recurring cron schedule using only simple order-age/status checks, with no visible suppression list, consent check, attempt limit, timezone gating, or business-hours logic per recipient. In an eCommerce voice-agent context, that creates a real risk of calling customers who did not consent, calling repeatedly, or calling at inappropriate times, which can lead to privacy, compliance, and harassment issues.

Missing User Warnings

High
Confidence: 93%
Finding
The workflow sends customer phone numbers, names, and order metadata to an external calling API to place automated calls, but this file shows no consent validation, disclosure handling, data minimization, or vendor-scope restriction. In a production outbound campaign system, transmitting PII to a third party and triggering robocall-like behavior without explicit safeguards can create significant privacy, regulatory, and abuse risk.

Missing User Warnings

Medium
Confidence: 85%
Finding
The workflow persists customer phone numbers and call activity into a Google Sheet call log, which expands the storage surface for sensitive contact data without any visible retention, access-control, masking, or disclosure safeguards in this file. That increases the chance of unauthorized access, oversharing, and long-term exposure of customer contact history.

Vague Triggers

Medium
Confidence: 87%
Finding
The public POST webhook accepts inbound data on a predictable callback path, and this file shows no verification of source authenticity, shared secret, signature, allowlist, or schema validation. An attacker could submit forged callback events, causing unauthorized CRM entries, internal webhook invocations, and data processing under false customer identities.

Ssd 3

Medium
Confidence: 89%
Finding
User-provided free text is sent to an LLM, and the model's output is then truncated for SMS and logged to Google Sheets. This creates a natural path for sensitive information in the customer's message to be echoed back, persisted, and redistributed across external services, amplifying accidental data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.