NWi跨境电商数据分析

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate e-commerce analytics skill, but it should be reviewed carefully because it stores API keys locally and includes data-sharing and contact-collection behavior that is not clearly scoped to its stated purpose.

Install only if you are comfortable giving this skill an NWi/Nint API key and having requests go to the documented NWi backend. Treat the API key as a secret, avoid sharing logs or screenshots containing requests, delete or rotate the local key when done, and review the contact-upgrade and anomaly-reporting behavior before using sensitive business queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The README states users can submit contact information to obtain a temporary key upgrade and that NWi customer service will proactively contact them, but it provides no clear privacy notice, consent language, retention policy, or scope limitation. In a data-query skill, collecting personal contact details for sales or support outreach expands data collection beyond the core function and creates privacy and social-engineering risk if mishandled.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The README says the skill will automatically detect anomalous data and report it to the NWi backend, which is a data-sharing behavior not clearly necessary for fulfilling user requests. In the context of an analytics query skill, silent telemetry or report-back functionality can expose user queries, business interests, or derived usage patterns to a third party without transparent notice or opt-in.

Missing User Warnings

Medium
Confidence: 95%
Finding
Collecting contact information for API key upgrades without a clear privacy warning is a genuine privacy and transparency issue. Because the skill is presented as an e-commerce analytics tool rather than a lead-capture workflow, users may not reasonably expect their personal details to be gathered for follow-up contact, which increases the risk of uninformed consent and misuse.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger phrases include very broad terms such as '电商数据', '销量', '销额', and '品牌排行', which can match many generic e-commerce requests unrelated to this specific provider or integration. That can cause the skill to activate unexpectedly and route user queries into this workflow, increasing the chance of unnecessary API-key handling, unintended data access attempts, or confusion about which data source is being used.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to read and write an API key in a local file (`references/api_key.txt`) but does not clearly warn the user that credentials will be persisted locally. Storing secrets in plaintext local files without transparent notice or stronger secret handling increases the risk of credential exposure to other tools, logs, or users sharing the environment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs clients to place an api_key directly in JSON request bodies across many endpoints, but provides no guidance on secure handling, redaction, rotation, or avoidance of logging. In practice, body parameters are often captured by app logs, proxies, debugging tools, and error telemetry, which increases the chance of credential disclosure even though the transport itself is HTTPS.

Missing User Warnings

Medium
Confidence: 94%
Finding
The temporary api_key issuance endpoint returns a live credential and associated IP information, but the docs do not warn that these values are sensitive or that generated keys should be stored and transmitted securely. This increases the risk that developers will paste keys into chats, source files, screenshots, or logs, leading to unauthorized API use and quota abuse.

VirusTotal

1/60 vendors flagged this skill as malicious, and 59/60 flagged it as clean.