Picnic Grocery

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent Picnic grocery integration, but its credential and personal-data handling is risky enough that users should review it before installing.

Install only if you are comfortable giving the skill access to your Picnic account, cart, delivery slots, delivery history, and profile details. Avoid sharing the login command in visible terminals or transcripts, treat ~/.config/picnic/config.json as a sensitive credential file, and do not run the bundled debug.mjs helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The login command takes the user's email and password directly from command-line arguments, which can be exposed through shell history, process listings, audit logs, or agent telemetry. In an agent skill context, this is especially risky because credentials may be captured by orchestration layers or visible to other local users and tools.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code persists the Picnic auth token to a local config file under the user's home directory without informing the user or using an OS-backed secret store. Although file mode 0600 helps, stolen local access, backups, malware, or sync tooling could expose the token and enable account access without re-entering credentials.

Missing User Warnings

Medium
Confidence: 92%
Finding
The status-related functionality retrieves and prints personal account data such as name, email, and address to stdout. In agent and CLI environments, stdout is often logged, surfaced in transcripts, or consumed by other tools, which can unintentionally leak sensitive personal information.

VirusTotal

65/65 vendors flagged this skill as clean.
