ClawHub

eBay Batch Registration

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it automates bulk eBay/Payoneer registration and stores many people’s identity, account, bank, and card details locally without adequate safeguards.

Install only if you are authorized to create and manage all listed business identities and accounts, and review eBay/Payoneer rules before use. Do not store full card data or CVVs in plaintext; use a secure vault, encrypt local folders, restrict report access, mask exported identifiers, and set clear deletion/retention rules before running any batch workflow or scheduled resume.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is explicitly designed to collect, store, and process large volumes of highly sensitive personal and financial data, including IDs, bank details, credit card data, phone numbers, and corporate registration records, in plaintext local files and queue metadata. In this bulk-registration context, any compromise, misuse, accidental sharing, or local malware exposure would leak many individuals' identities and payment details at once, substantially amplifying privacy, fraud, and regulatory risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The reporting function exports sensitive account identifiers, status data, timestamps, and failure reasons into a persistent Excel file without any warning, access control, masking, or retention guidance. Because spreadsheets are easy to copy, sync, email, or exfiltrate, this creates a durable secondary data store that increases the blast radius of any accidental disclosure or endpoint compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal