Pick the Best - Shopping Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed shopping assistant that sends shopping queries to Pick the Best and uses affiliate product links, with no evidence of hidden local access or destructive behavior.

Install only if you are comfortable sending shopping searches to Pick the Best and receiving affiliate-tracked product links. Avoid including sensitive personal information in shopping prompts, and specify your country or currency when you want region-accurate prices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to include affiliate tracking links in returned product URLs. That creates an undisclosed monetization pathway and can bias recommendations toward referral-bearing links rather than purely user-beneficial results, which is risky in a shopping assistant context.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger words include very generic terms like "shop," "buy," "product," "deal," and especially "price," which can activate the skill in conversations where the user did not intend to invoke an external shopping integration. In this skill’s context, unintended activation is more dangerous because it can send user shopping-related queries to a third-party MCP server and influence recommendations through affiliate-linked results.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README explains the MCP server connection and tool use but does not prominently warn users, before use, that their search queries are transmitted to an external service. Although a later privacy section mentions query processing by GPT-4, that disclosure is easy to miss and is not presented as an up-front consent or data-sharing warning, which creates a transparency and privacy risk.

Vague Triggers

Severity: High
Confidence: 94%
Finding
The triggers include very broad terms like "shop," "buy," "product," "deal," and "price," which are likely to match many ordinary conversations. Overbroad activation increases the chance the skill runs unexpectedly and sends user content to the external service without clear intent or informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill states that it will help users via direct HTTP API calls and later uses user queries and optional session identifiers, but it provides no user-facing privacy notice or consent mechanism. This can result in user shopping intents and conversation-linked identifiers being transmitted to a third party without transparency.

Natural-Language Policy Violations

Severity: Medium
Confidence: 85%
Finding
The skill hardcodes market/language routing and supports only a small set of locales, creating a risk that user requests are processed under an incorrect region or language context. In a shopping assistant, this can mis-handle user intent, expose data to an unintended regional endpoint, and produce misleading pricing, availability, or compliance behavior.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The instruction to default to the GB market when locale is unclear imposes a region without user opt-in. This can send requests to the wrong market, return inaccurate prices or merchants, and mishandle users from other locales in ways that affect privacy and reliability.

VirusTotal

64/64 vendors reported this skill as clean.
