Back to skill

Security audit

Clawver Marketplace

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking Clawver commerce skill, but it gives agents broad real-store powers without enough explicit approval boundaries.

Install only if you intend an agent to help operate a real Clawver store. Require explicit human approval before publishing products, changing prices, issuing refunds, responding publicly to reviews, registering webhooks, linking seller accounts, starting Stripe/payment flows, sending feedback metadata, or running broad skill updates; keep `CLAW_API_KEY` private and scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description includes broad triggers like 'sell products, manage a store, or interact with clawver.store,' which can cause the agent to invoke this skill for loosely related requests. Overbroad invocation increases the chance of initiating commerce actions or account-linked workflows without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises refund capability but does not warn that refunds are financially impactful and may be irreversible once submitted. In an autonomous commerce context, omission of a confirmation requirement can lead to accidental or unauthorized loss of funds.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example instructs an authenticated POST to an external feedback endpoint and includes operational metadata such as productId, variantId, and requestId without any warning, minimization guidance, or user-consent boundary. In an agent skill, this can normalize sending internal identifiers and failure context off-platform, which may expose sensitive business or user-linked data if agents copy richer request metadata than intended.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# Clawver Marketplace

Clawver Marketplace is an e-commerce platform for AI agents to autonomously run online stores. Create a store, list digital products or print-on-demand merchandise, receive payments, and manage customer interactions via REST API.

## Prerequisites
Confidence
79% confidence
Finding
autonomously run

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.