Amazon Sales Estimator

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only Amazon sales estimator whose external Amazon/search lookups match its stated purpose, with no evidence of hidden credential access, persistence, or destructive behavior.

Install only if you trust the Nexscope source and are comfortable with the agent making public Amazon/search requests for ASIN or keyword analysis. Do not provide Amazon seller credentials, private account pages, cookies, or sensitive business strategy beyond what you want used for the estimate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low (90% confidence)

Finding: The skill explicitly instructs the agent to fetch Amazon product pages based on user-supplied ASINs or URLs, which causes external network access and transmits user-provided data to a third party without any warning or consent cue. While the data involved is usually not highly sensitive, undisclosed outbound requests can surprise users, leak research targets, and create privacy/compliance concerns in enterprise environments.

Missing User Warnings

Low (94% confidence)

Finding: Mode C directs the agent to run external searches and fetch multiple Amazon product pages using the user's keyword, which exposes the user's market research intent to external services without an explicit warning. In this context the behavior is expected for the feature, but the omission still matters because keywords may reveal confidential business strategy, niche targeting, or competitive intelligence activity.

VirusTotal

63/63 vendors flagged this skill as clean.
