Filtalgo Shopping

Security checks across malware telemetry and agentic risk

Overview

This Filtalgo shopping skill mostly matches its stated purpose, but it can change account and order state through its OAuth access, and its instructions do not clearly require user confirmation before every sensitive action.

Install it only if you intend to use it for Filtalgo shopping and are comfortable granting it OAuth-backed access to cart, address, order, payment-preparation, and after-sale workflows. Treat every cart, checkout, address, cancellation, refund, or after-sale action as sensitive: before the agent acts, confirm the exact action, item, address, order, and amount yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The activation text is broad enough to trigger this skill for many generic shopping or order-related requests, which increases the chance the agent invokes a tool-capable commerce workflow without sufficiently narrow user intent. In a skill that can search products, create checkouts, manage addresses, and cancel/refund orders, overbroad activation materially raises the risk of unintended state-changing actions or unnecessary access to account data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill documents create, update, and delete address operations and order cancellation without prominently warning that these commands modify or remove user data and should require explicit confirmation. The skill is especially sensitive in this context because it operates on real commerce and account records: an agent following these instructions could alter addresses or cancel or refund orders on the strength of an ambiguous prompt or a mistaken tool invocation.
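One way a skill or its host platform can enforce the confirmation this finding asks for is an allow-list gate in front of the tool calls: read-only tools pass, state-changing tools are held until the user confirms a token that is bound to the exact arguments, and anything not on either list is denied. The code below is an added example written for this page, not code from the Filtalgo skill or its platform; the tool names, argument names, and the in-memory order store are assumptions made for illustration.

```python
"""Confirmation gate for state-changing commerce tool calls.

Added example; not code from the Filtalgo skill or its platform. Tool names,
argument names and the in-memory backend are assumptions made for illustration.
"""
import hashlib
import json
from typing import Any, Callable, Dict, Optional

# Assumed tool names: the skill's real tool names are not known here.
READ_ONLY_TOOLS = {"search_products", "get_order", "list_addresses"}
STATE_CHANGING_TOOLS = {
    "create_checkout", "create_address", "update_address", "delete_address",
    "cancel_order", "request_refund",
}


class ConfirmationRequired(Exception):
    """Raised when a state-changing call arrives without a matching confirmation."""

    def __init__(self, token: str, summary: str):
        super().__init__(summary)
        self.token = token
        self.summary = summary


def confirmation_token(tool: str, args: Dict[str, Any]) -> str:
    """Token bound to the exact tool and arguments, so a confirmation given for
    one order, address or amount cannot be replayed against another."""
    canonical = json.dumps({"tool": tool, "args": args}, sort_keys=True,
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def summarise(tool: str, args: Dict[str, Any]) -> str:
    """Plain-language summary the user reads before confirming: the action and every argument."""
    details = ", ".join(f"{k}={v!r}" for k, v in sorted(args.items()))
    return f"{tool}({details}) will modify your account or an order"


class ConfirmationGate:
    """Allow-list gate: read-only tools pass, state-changing tools need a token
    for these exact arguments, anything else is denied by default."""

    def __init__(self, backend: Callable[[str, Dict[str, Any]], Any]):
        self.backend = backend

    def call(self, tool: str, args: Dict[str, Any],
             confirmation: Optional[str] = None) -> Any:
        if tool in READ_ONLY_TOOLS:
            return self.backend(tool, args)
        if tool not in STATE_CHANGING_TOOLS:
            raise PermissionError(f"tool {tool!r} is not allow-listed; denied")
        expected = confirmation_token(tool, args)
        if confirmation != expected:
            raise ConfirmationRequired(expected, summarise(tool, args))
        return self.backend(tool, args)


class FakeStore:
    """Constructed in-memory stand-in for the commerce API (not the skill's code)."""

    def __init__(self):
        self.orders = {"ord_1001": "shipped", "ord_1002": "processing"}

    def __call__(self, tool: str, args: Dict[str, Any]) -> Any:
        if tool == "get_order":
            return self.orders[args["order_id"]]
        if tool == "cancel_order":
            self.orders[args["order_id"]] = "cancelled"
            return "cancelled"
        raise NotImplementedError(tool)


def demo() -> Dict[str, Any]:
    """Walk-through: a read passes, a cancel is held, the token is bound to one order, then applied."""
    store = FakeStore()
    gate = ConfirmationGate(store)
    out: Dict[str, Any] = {"read": gate.call("get_order", {"order_id": "ord_1002"})}
    token = None
    try:
        gate.call("cancel_order", {"order_id": "ord_1002"})
        out["held"] = False
    except ConfirmationRequired as exc:   # the agent shows exc.summary and waits for the user
        out["held"] = True
        token = exc.token
    try:                                  # the same token must not cancel a different order
        gate.call("cancel_order", {"order_id": "ord_1001"}, confirmation=token)
        out["replay_blocked"] = False
    except ConfirmationRequired:
        out["replay_blocked"] = True
    out["result"] = gate.call("cancel_order", {"order_id": "ord_1002"}, confirmation=token)
    out["orders"] = dict(store.orders)
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The token is derived from the canonical JSON of the tool name and its full argument set, so the user's confirmation of "cancel ord_1002" cannot be reused for a different order, address, or amount, and a prompt-injected argument change invalidates an earlier confirmation. Unknown tools are denied rather than passed through, which is the safer default for a skill whose triggers are as broad as the findings above describe.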

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The default prompt and skill description position this skill as a generic shopping assistant, and implicit invocation is enabled. That combination can cause the platform to route broad, common shopping requests into a skill that can browse, buy, pay, and manage orders, increasing the chance of unintended invocation for sensitive commerce actions.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The bundle hardcodes OAuth `client_secret` values for the local and remote-dev profiles and writes them into the user's config on first load or reset. Secrets embedded in distributed client code are recoverable by anyone who has the bundle, which allows unauthorized client impersonation against those non-production or internal environments and breaks the confidentiality assumption on which a secret-bearing (confidential) OAuth client depends.
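The following added example, written for this page and not taken from the Filtalgo bundle, shows the reported pattern beside two remedies: a pre-publish check that flags secret-bearing fields carrying literal values, a config writer that persists only non-secret fields and resolves the secret from the environment at runtime, and, for a client that is distributed to users and therefore cannot keep any secret, a PKCE public-client flow. The profile names and values, the environment-variable naming scheme, and the config file layout are all assumptions.

```python
"""Embedded OAuth client secrets: detecting them and not shipping them.

Added example; not code from the Filtalgo skill. Profile names and values,
the environment-variable naming scheme and the config layout are assumptions.
"""
import base64
import hashlib
import json
import os
import secrets
from typing import Dict, List, Mapping, Optional, Tuple

# Constructed profiles that reproduce the reported pattern: a literal
# client_secret per non-production profile, copied to user config on first load.
VULNERABLE_PROFILES: Dict[str, Dict[str, str]] = {
    "local": {"client_id": "filtalgo-local", "client_secret": "dev-secret-123",
              "token_url": "http://localhost:8080/oauth/token"},
    "remote-dev": {"client_id": "filtalgo-dev", "client_secret": "dev-secret-456",
                   "token_url": "https://dev.example.invalid/oauth/token"},
}

SECRET_FIELDS = {"client_secret", "secret", "password", "private_key", "api_key"}


def find_embedded_secrets(profiles: Mapping[str, Mapping[str, str]]) -> List[Tuple[str, str]]:
    """Pre-publish check: (profile, field) for every secret-bearing field holding a literal value."""
    hits = []
    for name, cfg in profiles.items():
        for field, value in cfg.items():
            if field.lower() in SECRET_FIELDS and isinstance(value, str) and value:
                hits.append((name, field))
    return hits


def write_config_vulnerable(profiles, files: Dict[str, str]) -> None:
    """The reported behaviour: profiles, secrets included, land in the user's config file."""
    files["config.json"] = json.dumps(profiles)


def write_config_hardened(profiles, files: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Persist only non-secret fields; the secret is resolved at runtime and never written."""
    scrubbed = {name: {k: v for k, v in cfg.items() if k.lower() not in SECRET_FIELDS}
                for name, cfg in profiles.items()}
    files["config.json"] = json.dumps(scrubbed)
    return scrubbed


def resolve_client_secret(profile: str, env: Optional[Mapping[str, str]] = None) -> str:
    """Read the secret from an environment variable (assumed naming scheme) at runtime."""
    env = os.environ if env is None else env
    var = "FILTALGO_%s_CLIENT_SECRET" % profile.upper().replace("-", "_")
    if var not in env:
        raise RuntimeError(f"{var} is not set; client secrets are not shipped in the bundle")
    return env[var]


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def pkce_pair() -> Tuple[str, str]:
    """Public-client alternative for code distributed to users, which cannot hold a
    secret: PKCE code_verifier and S256 code_challenge (RFC 7636)."""
    verifier = _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode()).digest())
    return verifier, challenge


def pkce_verify(verifier: str, challenge: str) -> bool:
    """Authorization-server side: the token request's verifier must hash to the challenge."""
    expected = _b64url(hashlib.sha256(verifier.encode()).digest())
    return secrets.compare_digest(expected, challenge)


if __name__ == "__main__":
    print("embedded secrets:", find_embedded_secrets(VULNERABLE_PROFILES))
    files: Dict[str, str] = {}
    write_config_hardened(VULNERABLE_PROFILES, files)
    print("persisted config:", files["config.json"])
    v, c = pkce_pair()
    print("pkce ok:", pkce_verify(v, c))
```

Scrubbing the secret out of the persisted config only helps if the bundle itself stops carrying it, which is what the pre-publish check is for; a dev-only profile is still a real credential against a real authorization server. Where the client code must ship to users, registering it as a public client with PKCE removes the secret entirely rather than hiding it.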

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean. A clean antivirus verdict does not speak to the trigger, permission, or embedded-secret findings above, which antivirus engines do not look for.

View on VirusTotal