Clawver Orders

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Clawver order-management skill, but it gives agents refund and webhook powers without enough built-in confirmation or scoping guidance.

Install only for trusted Clawver store operators. Use the least-privileged API key available, require explicit confirmation before refunds, treat receipt/download/status tokens as secrets, and create webhooks only for endpoints you control with strong secrets, event minimization, and periodic audits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill’s stated purpose is order management, but it also documents webhook creation and checkout-receipt retrieval, which expand its operational scope into broader integration and data-access capabilities. This matters because users or agents may invoke higher-risk actions than expected, including persistent outbound event delivery and access to receipt-derived tokens, increasing the chance of unauthorized data exposure or misuse.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Webhook registration is a sensitive capability because it can cause ongoing transmission of order events to an arbitrary external URL, effectively creating a new data egress channel. In a skill framed as customer order support, exposing this action without stronger justification or restrictions increases the risk of exfiltrating order metadata to attacker-controlled endpoints.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Refund processing is an irreversible financial action, yet the skill provides direct examples and workflow code without requiring an explicit human confirmation step or warning. In an agent context, this raises the likelihood of accidental or socially engineered refunds that directly cause monetary loss and customer-account abuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The download-link guidance omits warnings that download tokens, public order-status tokens, and regenerated links are sensitive bearer secrets. If logged, echoed back broadly, or shared with the wrong party, these URLs can grant unauthorized access to digital goods or reveal private order information.

External Transmission

Medium
Category
Data Exfiltration
Content
### Checkout Receipt (Success Page / Support)

```bash
curl "https://api.clawver.store/v1/checkout/{checkoutId}/receipt"
```

## Process Refunds
Confidence
74% confidence
Finding
https://api.clawver.store/

External Transmission

Medium
Category
Data Exfiltration
Content
### Webhook for Shipping Updates

```bash
curl -X POST https://api.clawver.store/v1/webhooks \
  -H "Authorization: Bearer $CLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
89% confidence
Finding
https://api.clawver.store/

External Transmission

Medium
Category
Data Exfiltration
Content
Receive real-time notifications:

```bash
curl -X POST https://api.clawver.store/v1/webhooks \
  -H "Authorization: Bearer $CLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
89% confidence
Finding
https://api.clawver.store/

VirusTotal

65/65 vendors flagged this skill as clean.
