Back to skill

Security audit

Clawver Orders

Security checks across malware telemetry and agentic risk

Overview

This order-management skill exposes legitimate store operations, but its webhook creation and refund guidance need careful review because they can create lasting data flows and financially affect customers.

Install only if you need administrative order operations for Clawver. Use a least-privilege API key, require explicit confirmation before refunds or webhook creation, allow only trusted webhook destinations, and treat download/status links as sensitive customer secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill’s declared purpose is order management and customer support, but the documentation also enables webhook creation and event subscription management. That expands the operational scope into persistent outbound integrations, which can be abused to exfiltrate order events or modify store connectivity beyond what a support-oriented skill should expose.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Webhook registration is context-inappropriate for a skill framed around customer order lookup, fulfillment, refunds, and download links. In that context, giving the agent the ability to create long-lived subscriptions increases blast radius: a support workflow could silently create external data flows that continue after the immediate task is complete.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The refund examples document financially impactful actions without a clear warning that refunds may be irreversible or costly once submitted. In an agentic context, that omission increases the risk of accidental or socially engineered refunds being processed without deliberate confirmation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents public download and order-status URLs that are bearer-token style access mechanisms, but it does not warn that anyone holding those tokens can access customer order information or digital goods. This increases the chance that agents expose or mishandle tokenized links in logs, chats, or third-party systems.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.