Shipment Tracker

Security checks across malware telemetry and agentic risk

Overview

This shipment tracker mostly does what it says, but it needs Review because its optional fallback can send shipment details to a cloud browser/LLM service and prints an executable command built from the links in the shipment file.

Install only if you are comfortable keeping shipment/order data in a local markdown file and making outbound carrier lookups. Do not let an agent automatically run the printed browser-use command; review the Link fields and command first, and use manual tracking for sensitive orders because the fallback may send shipment details to third-party cloud and LLM services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation explicitly describes capabilities beyond simple file reads, including outbound network access and a provided Python one-liner that the user may execute, yet no declared permissions are present to bound or surface those behaviors. This creates a real transparency and governance issue: users or orchestrators may invoke a skill that can read local shipment data and send tracking information to external services, including cloud browser/LLM tooling, without an explicit permission contract.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation text is broad enough to trigger on generic package or shipment-related mentions, which can cause the skill to activate in contexts where the user did not intend package tracking. In this skill, overbroad triggering matters because invocation may lead to reading a default shipments file and initiating network lookups or recommending cloud-based tracking flows involving potentially sensitive order data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The generated fallback command embeds shipment tracking URLs and sends them through a cloud browser/LLM workflow via `Browser(use_cloud=True)` without an inline, operation-time consent gate. Tracking numbers, delivery dates, and locations can reveal sensitive personal logistics information, so silently routing them to third-party cloud services creates a real privacy and data-handling risk in this skill context.

VirusTotal

64/64 vendors flagged this skill as clean.