Secure Shopper

Security checks across malware telemetry and agentic risk

Overview

This skill performs shopping research and optional checkout with clear user-confirmation gates, but users should treat its saved shopping artifacts as sensitive.

Install only if you trust the separate secure-autofill workflow. Avoid putting unnecessary sensitive details in shopping prompts, periodically delete old secure_shopping artifacts, and verify item, price, quantity, shipping address, delivery date, and payment method before confirming checkout.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
The CLI `status` path accepts an arbitrary `--file` value and passes it directly to `updateCandidateStatus`, which reads and rewrites that path with no validation that it is a secure-shopper artifact. Any caller able to invoke this script can therefore overwrite arbitrary JSON files writable by the current user, causing integrity damage or corrupting unrelated application state. In this skill context, the danger is somewhat elevated because the skill stores artifacts in a fixed workspace and may be driven by higher-level agents that pass file paths programmatically.

Missing User Warnings

Severity: Medium
Confidence: 94%
The skill explicitly records the user's shopping prompt, candidate URLs, timing metadata, and decision state to a workspace artifact on disk, but it does not warn the user that this persistence occurs. Because shopping tasks may include sensitive preferences, addresses, product interests, and purchase intent, silent disk persistence creates a privacy and data-retention risk, especially in shared or synced workspaces.

VirusTotal

65 of 65 vendors reported this skill as clean.