order-agent: Intelligent Order Processing

Security checks across malware telemetry and agentic risk

Overview

This skill is a real WMS order-creation tool that fits its stated purpose, but it can submit shipment orders and send recipient personal data to external APIs with limited privacy disclosure and broad activation wording.

Review carefully before installing. Use this only if you intend the agent to create real WMS shipment orders, verify the API destination and credentials, require a final human confirmation before every single or batch submission, and avoid uploading spreadsheets with recipient personal data unless the backend's privacy and retention practices are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes actions that invoke a local script with network access to a real backend API and implies file processing for spreadsheet imports, but it does not declare the corresponding permissions. This creates a transparency and governance gap: users and platform controls may not realize the skill can transmit order and personal data externally or write derived data locally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The declared behavior does not fully match the documented operational behavior: it contacts a specific third-party backend, performs live product queries, and appears to support less than it claims for import formats. This mismatch is dangerous because users and reviewers may authorize the skill under incomplete assumptions, leading to unintended external data transfer and overbroad trust in automation capabilities.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example trigger phrases are broad enough to overlap with normal conversation, which can cause the skill to activate unintentionally and initiate order-related workflows without sufficiently clear user intent. In the context of a purchasing and shipping agent that can create WMS orders, accidental invocation is more dangerous because it may lead to unintended processing of orders or collection of recipient data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes handling sensitive personal data including recipient name, phone number, and address, and shows that this data is sent to a remote WMS API, but it does not provide explicit privacy, retention, or transmission disclosures. This is risky because users or operators may unknowingly expose personal information to external services, and the order-processing context increases severity due to the volume and sensitivity of shipping data.

Vague Triggers

Medium
Confidence
83% confidence
Finding
Broad trigger phrases such as '帮我下单' (roughly "help me place an order") can cause the skill to activate in contexts where the user did not intend immediate order-processing behavior. In a transactional skill that can submit shipping orders and handle personal information, ambiguous invocation increases the risk of accidental use, premature data collection, or unintended order creation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill collects and transmits sensitive personal recipient data including name, phone number, and address to a backend API, yet the description lacks any privacy or data-handling disclosure. This is dangerous because users may provide regulated or sensitive data without informed consent, and reviewers cannot assess retention, sharing, or minimization practices.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The create_order path collects and transmits sensitive personal data including recipient name, phone number, and full address to a remote backend, but the script provides no user-facing consent, warning, data-minimization checks, or privacy guardrails. In an agent skill context that can process imported Excel/CSV orders in bulk, this increases the risk of silently exfiltrating large amounts of PII to an external service without the operator fully understanding what will be sent.

External Transmission

Medium
Category
Data Exfiltration
Content
    }  # end of the order payload (includes recipient name, phone and address)

    try:
        # The assembled payload is posted to the external backend URL
        response = requests.post(url, json=payload, timeout=TIMEOUT)
        response.raise_for_status()
        result = response.json()
Confidence
96% confidence
Finding
The call requests.post(url, json=payload, timeout=TIMEOUT) transmits the order payload, including recipient personal data, to the external backend API.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal