Audtools Ecommerce Category Collector

Security checks across malware telemetry and agentic risk

Overview

This skill appears to automate Audtools collection/export, but it embeds shared login credentials and performs bulk export actions without clear user-controlled scoping.

Do not install this version unless the embedded Audtools credentials have been removed and rotated, and the skill has been changed to require user-provided credentials through a secure local mechanism. Before running exports, confirm what account is being used, what data will be selected, and where exported files will go.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The README publishes concrete Audtools login credentials and explicitly instructs users to edit credentials in code, which exposes account-access capability unrelated to documentation needs. Even if these are test or low-value credentials, embedding them in public-facing instructions can enable unauthorized access, credential reuse attacks, or accidental operational misuse.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill documentation contains hardcoded third-party account credentials (phone number and password) for Audtools. Exposing reusable credentials in a skill enables unauthorized account access, misuse of paid services, data exposure, and potential account takeover or abuse by anyone who can read the file.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill claims a valid Audtools account is a prerequisite, but then supplies shared credentials directly in the documentation. This contradiction normalizes unauthorized use of a pre-provisioned third-party account and increases the likelihood that operators will access services they do not own or control.

Intent-Code Divergence

High
Confidence: 92%
Finding
The file description says it submits collection tasks and exports results, but the implementation also performs automated login using embedded account credentials. This mismatch hides sensitive behavior from reviewers and users, increasing the chance of unauthorized account use and silent access to protected data.

Missing User Warnings

High
Confidence: 100%
Finding
This is a direct exposure of sensitive authentication material in documentation, with no warning or secure handling guidance. Anyone who can read the repository can attempt to use the credentials, test for password reuse, or leverage the account to submit tasks and access platform data or resources.

Missing User Warnings

High
Confidence: 99%
Finding
Publishing account credentials in plain text without any warning or protection is a direct secret exposure issue. Anyone with access to the skill can reuse the credentials, potentially accessing third-party data, consuming service quotas, or changing account settings.

Missing User Warnings

High
Confidence: 99%
Finding
The script contains hardcoded username and password values and uses them to log into a third-party service automatically. Anyone with access to the code can recover the credentials, reuse the account, access exported data, or abuse the service under that identity.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script automatically selects all collected items and triggers export without an explicit confirmation step from the user. In this context, that can cause unintended bulk data exfiltration or privacy/compliance issues, especially because the automation logs in and operates on a real account.

VirusTotal

65/65 vendors flagged this skill as clean.
