ClawHub

Amazon Ppc Campaign

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Amazon PPC planning helper that uses public Amazon lookups for keyword and competitor research, with no evidence of credential access, hidden exfiltration, or automatic ad-account changes.

Install only if you are comfortable with ASINs, product descriptions, and keyword prefixes being used for Amazon or web lookups. Ask the agent to confirm before any external research if you need tighter control, and review the bundled fetch script if marketplace scraping or Amazon terms compliance matters for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill explicitly instructs the agent to execute shell commands (`scripts/fetch-competitor.sh` and `curl ... | python3`) while the metadata declares no permissions. That creates hidden capability and weakens user/admin ability to understand or constrain what the skill will do, especially when external network access and scraping are involved.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior goes beyond PPC planning into competitor-page scraping and direct HTTP access to Amazon properties, but this is not clearly represented in the declared purpose. Description-behavior mismatch is dangerous because users may invoke the skill expecting local analysis while the agent actually performs external collection against third-party sites, increasing privacy, compliance, and policy risk.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The skill states it can auto-discover data by running bundled scripts and web searches, yet elsewhere frames itself as limited and based on public/user-provided inputs. This inconsistency can mislead operators about execution scope and cause the agent to perform networked actions users did not reasonably expect.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script performs direct scraping of competitor Amazon product pages, which expands the skill's capabilities beyond a normal PPC campaign builder/optimizer into undisclosed external data collection. In an agent context, this creates supply-chain and policy risk because users may invoke the skill expecting campaign analysis, not automated competitor-page scraping with browser impersonation headers.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The file is purpose-built to fetch and parse competitor listings, which is an unjustified capability relative to the stated PPC builder/optimizer scope unless clearly disclosed. This matters because hidden or under-scoped collection features increase the chance of misuse, policy violations, and unexpected external interactions by the agent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Very broad trigger phrases like 'I want to start advertising on Amazon' or 'My ACoS is too high' overlap with ordinary conversation and can cause accidental invocation. In this skill, accidental invocation matters more because the documented workflow can lead to web searches and shell-driven external requests without a strong upfront consent boundary.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill does not clearly warn users that it may perform external web requests and scraping-like data collection via shell scripts and curl. Lack of disclosure is dangerous because users may provide inputs assuming only local reasoning, while the agent may transmit query terms or ASIN-derived lookups to third-party endpoints.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script makes a silent outbound request to Amazon and suppresses curl errors, giving the user no warning that network access and data transmission are occurring. In an agent skill, undisclosed external communication reduces transparency and can surprise users or violate deployment expectations even if the transmitted data is limited to the requested ASIN and marketplace.

External Script Fetching

High
Category
Supply Chain
Content
2. **From competitor ASINs**: User provides 1-3 competitor ASINs → run `scripts/fetch-competitor.sh <ASIN>` for each → extract keywords from their titles and bullet points. The script returns title, brand, bullets, price, category, BSR, and review count.
3. **From user's list**: User provides their own keywords (e.g., from Helium 10, search term reports, or manual research).

Additionally, expand keywords using Amazon autocomplete: `curl -s "https://completion.amazon.com/api/2017/suggestions?mid=ATVPDKIKX0DER&alias=aps&prefix=<URL-ENCODED-KEYWORD>" | python3 -c "import sys,json; [print(s['value']) for s in json.load(sys.stdin).get('suggestions',[])]"`

### Step A4: Build Campaign Structure and Group Keywords
Confidence
91% confidence
Finding
curl -s "https://completion.amazon.com/api/2017/suggestions?mid=ATVPDKIKX0DER&alias=aps&prefix=<URL-ENCODED-KEYWORD>" | python

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal