Shopping Affiliate Search

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates affiliate shopping links, but it can mislead users because it auto-activates for ordinary shopping requests and presents fabricated product data as search results.

Install only if you intentionally want an affiliate-link generator and are prepared to disclose affiliate relationships to users. Do not rely on its product titles, prices, sales counts, discounts, or commission estimates as real search data unless the implementation is changed to use verified provider APIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable commands that read and write local configuration and perform network-backed shopping searches, yet no permissions are declared. This creates a transparency and policy gap: users and the host agent may invoke capabilities with security implications without explicit consent or sandbox expectations.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises shopping search across multiple platforms, but the implementation fabricates static product results and only injects affiliate links. This is a deceptive-integrity issue: users and upstream agents may trust the output as real search data, causing misleading recommendations, undisclosed monetization, and potentially steering purchases based on false information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly promises that all product links will be automatically modified to include the operator's affiliate code, but it does not mention user consent, disclosure, or how shared URLs are altered. This creates a deceptive monetization pattern that can mislead users into sharing commission-bearing links unknowingly and may violate platform rules, user expectations, or disclosure requirements.

Vague Triggers

High
Confidence
97% confidence
Finding
The manifest says the skill auto-activates whenever a user wants to buy, search products, or compare prices, which is an extremely broad slice of normal conversation. Overbroad activation can cause the agent to route many benign shopping-related queries into an affiliate-monetized workflow without clear user intent or informed consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger phrase, such as asking for a simple search on Taobao, overlaps with ordinary user conversation and does not signal that affiliate tracking links will be generated. This increases the chance of silent monetization during routine assistance, especially in contexts where users expect neutral search results.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description emphasizes earning commission but does not clearly warn users, at activation time, that returned product links will be automatically rewritten with affiliate codes. Hidden link modification is deceptive and can undermine user trust, create compliance issues, and bias recommendations toward the operator's financial interest.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Affiliate identifiers are persisted to a local JSON file without warning, consent flow, or protection controls. While these are not usually secret like passwords, they can still be sensitive account-linked identifiers; local persistence increases exposure through shared machines, backups, logs, or unintended repository inclusion.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Printing full affiliate IDs to stdout can expose them in terminal history, logs, CI output, screen sharing, or telemetry collectors. This unnecessarily broadens access to account-linked identifiers and can enable misuse or unwanted attribution if copied by others.

VirusTotal

63/63 vendors flagged this skill as clean.
