ClawHub

vipshop-product-consultant

Security checks across malware telemetry and agentic risk

Overview

The skill largely performs the advertised Vipshop product and review lookup, but it embeds and transmits fixed account/session-like identifiers with every request.

Review this before installing. It appears read-only and scoped to Vipshop lookups, but every run may use the embedded Vipshop identity/tracking values rather than credentials you control. Use it only if you are comfortable contacting Vipshop this way, and delete generated JSON response files when you no longer need the product and review data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script hard-codes multiple account/session-like and API access values such as api_key, user_id, mars_cid, and tfs_fp_token into the request. Embedding these identifiers in source code risks credential leakage, unauthorized reuse, and ties the skill to a specific client identity that may bypass intended access controls or tracking boundaries.

Intent-Code Divergence

Low
Confidence
82% confidence
Finding
The function is described as a query operation, but it also persists both raw API responses and processed review data to local files. This hidden side effect can cause unintended retention of user-generated content and metadata, especially when operators believe the script only performs transient retrieval.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes raw review response data and extracted review details to local JSON files without prior notice or controls. Review content may contain personal data or sensitive user-generated material, so automatic persistence increases privacy, data handling, and accidental exposure risks on shared systems.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script performs an outbound request to a third-party service while transmitting product identifiers, client metadata, locale, and hard-coded account/session-like values, yet the user-facing description does not clearly disclose this network behavior. In a skill context, undisclosed external communication is risky because users may not expect data transmission outside the local environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script embeds multiple hard-coded identifiers and token-like values such as an API key, user_id, mars_cid, and tfs_fp_token, then transmits them to a third-party endpoint. Even if these values are only for scraping or session emulation, storing and reusing them in source code can leak credentials or tracking identifiers, enable unauthorized API use, and expose whoever runs the skill to undisclosed outbound data transmission.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal