ClawHub

Walmart Review Checker

Security checks across malware telemetry and agentic risk

Overview

This is a local review-analysis skill, but its Walmart claims do not match the implementation and its hidden HTML report generator can render untrusted review text unsafely.

Install only after reviewing the package source. Treat the analysis as a generic/Amazon-style heuristic rather than a Walmart-specific authenticity check, avoid opening generated HTML reports from untrusted review data, and prefer plain text output unless the HTML rendering is fixed with proper escaping or textContent-based rendering.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
77% confidence
Finding
The skill advertises no declared permissions, yet the static analysis indicates file-write capability. Undeclared write behavior reduces transparency and can mislead users about what the skill does, which is dangerous because even seemingly benign report generation can overwrite files, drop unexpected artifacts, or be abused in chained attacks if paths are influenced by input.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill's documented Walmart-specific purpose does not match the reported behavior, which includes Amazon-specific analysis, ASIN usage, generic verified-purchase logic, and undocumented HTML report generation with Chart.js and file output. This mismatch is security-relevant because users may grant trust based on the stated scope while the skill performs broader or different actions than expected, including hidden output generation and potentially misleading analysis results.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file advertises itself as an Amazon review checker while the skill metadata claims Walmart-specific analysis. This kind of capability mismatch is a true security/trust issue because users may rely on outputs as if they were Walmart-specific when the logic is tuned to different platform signals, leading to materially misleading decisions.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The analyzer data model and reporting are built around Amazon concepts such as ASIN and verified-purchase assumptions, not the Walmart-specific indicators promised by the skill description. In a security-sensitive agent ecosystem, this is dangerous because it creates deceptive functionality: downstream users or agents may treat unsupported Walmart fraud detections as authoritative.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The tool tells users that adding reviewer info will unlock account-profile analysis, but no such analysis exists. This is a real integrity issue because it can mislead operators into providing additional data under false pretenses and overestimating the comprehensiveness of the assessment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script injects review.content and reasons directly into HTML via JavaScript template literals using innerHTML, with no escaping or sanitization. If review data contains HTML or script payloads, opening the generated report can trigger stored DOM XSS in the viewer's browser, which is especially relevant because review text is untrusted, user-derived input.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal