BrickLink

Security checks across malware telemetry and agentic risk

Overview

This BrickLink CLI is mostly coherent, but it can modify a live store account and writes customer order details to predictable files in /tmp without enough safeguards.

Install only if you are comfortable giving the skill BrickLink OAuth credentials that can read and modify your store. Treat mutating commands as live account actions, double-check every order or inventory ID, and avoid generating HTML invoices/details on shared machines unless you choose a private output path and clean up the files afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium (74% confidence)
Finding: The HTML rendering path can fetch external image URLs for each order item and optionally embed them as data URIs, creating additional outbound network access beyond the core API calls. In practice this can leak usage patterns and the client IP to a secondary domain, and it turns rendering of untrusted order content into a network-fetching operation, which is more dangerous in an agent/tooling context than in a purely local CLI.

Description-Behavior Mismatch

Severity: Medium (87% confidence)
Finding: The skill generates local HTML order-detail and invoice files containing customer and order data, which materially expands its behavior beyond a simple API helper/CLI. In an agent setting, this creates a new persistence channel for sensitive order information, increasing the chance of unintended local data exposure or later exfiltration.

Missing User Warnings

Severity: Medium (95% confidence)
Finding: The skill documents numerous state-changing operations such as updating orders, posting feedback, creating/updating/deleting inventory, and sending drive-thru emails, but it does not provide a prominent warning that these commands alter live BrickLink account data. In a CLI/agent context, this omission increases the chance of accidental destructive actions, especially because the skill uses authenticated API credentials and targets a real store account.

Missing User Warnings

Severity: High (92% confidence)
Finding: The order-detail HTML export writes buyer PII such as name, address, email, and phone number to disk, defaulting to a predictable file under /tmp when no output path is provided. In shared or multi-user environments, this creates a real confidentiality risk because sensitive customer data is persisted outside the API response flow and may be accessible to other processes or users.

Missing User Warnings

Severity: High (92% confidence)
Finding: The invoice export similarly persists buyer PII and order details to local disk, again using a predictable /tmp filename by default. Because invoices are likely to be retained, shared, or indexed by other tooling, this meaningfully increases the exposure surface for personal and transactional data.

VirusTotal

VirusTotal findings are pending for this skill version.
