Shopware Expert

Security checks across malware telemetry and agentic risk

Overview

This is a static Shopware documentation skill with some risky operational examples, but its behavior is disclosed, purpose-aligned, and not automatically executable.

Install this only if you want a broad Shopware developer and operations reference. Before following examples that touch production, customer accounts, payment setup, vault secrets, database dumps, telemetry export, CI logs, X11 access, or Admin API writes, review them manually, use least-privilege credentials, avoid printing secrets, and get explicit authorization for real store changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
This bundled skill materially exceeds a narrow 'Shopware 6 expert knowledge' scope by including operational hosting, deployment, Docker networking, SSH access, and payment/IAP implementation guidance. In an agent setting, this broadens the action surface from reference knowledge into infrastructure and commerce-operation workflows, increasing the chance an agent could assist with risky operational changes or sensitive integrations not necessary for the declared purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The file documents highly sensitive context-gateway capabilities, including passwordless customer login and automatic customer registration, plus modification of billing/shipping addresses, currency, language, and payment method. Even as documentation, embedding these capabilities in a general-purpose skill exposes dangerous account and identity manipulation patterns that could be misapplied by an agent or operator without strong consent and authorization controls.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding
The vault guidance correctly says system-managed secrets must not be modified, but later recommends editing typo secrets with `sw-paas vault edit` without clearly excluding protected/system-managed entries. In a secrets-management context, this ambiguity can lead operators to modify or rename critical platform secrets, causing outages or breaking authentication and routing.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding
The documentation embeds real-looking credentials and identifiers directly in example code, including access tokens and a PayPal client ID. Even if intended as demo values, hard-coded secrets normalize insecure copy-paste behavior and can result in accidental reuse in production or unintentional exposure of active credentials.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The OpenTelemetry section explicitly instructs users to export traces, logs, and metrics to an OTLP endpoint, but it does not clearly warn that logs and traces may contain sensitive application, customer, or infrastructure data. In a hosting/install guide, this omission can lead operators to enable external telemetry export without appropriate data minimization, redaction, or trust review of the collector.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document explicitly publishes default admin credentials (`admin` / `shopware`) without a prominent warning that they are only for ephemeral local development and must be changed immediately elsewhere. Reused defaults are a common real-world compromise path when readers copy examples into persistent environments or forget to rotate credentials.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The documentation explicitly shows a command that outputs an Admin API JWT token to the console without warning about shell history, CI logs, terminal recording, or shoulder-surfing exposure. In an agent skill context, examples that normalize printing live bearer tokens increase the chance of credential leakage and reuse.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The dump documentation describes generating database dumps from live credentials and discusses anonymization as optional, but it lacks an upfront warning that dumps can contain credentials, customer PII, tokens, and other secrets. In practice this can lead users to create and move highly sensitive dump files insecurely.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation tells users how to retrieve and print vault secret values but does not warn that secrets may be exposed in terminal scrollback, screen recordings, shell history, CI logs, or shared sessions. In a documentation skill likely to be followed verbatim, that omission materially increases the chance of credential disclosure.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding
The Grafana instructions state that the command returns a URL, username, and password but provide no warning to protect those credentials from terminal capture, shoulder surfing, or screen sharing. This is lower impact than vault secret dumping, but still creates avoidable credential exposure risk.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The Sales Agent installation guide instructs users to place API keys and client secrets into a local `.env` file without warning about secure storage, file permissions, or accidental commits. This commonly leads to long-lived credentials being exposed through source control or developer workstations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation explicitly instructs users to run `xhost + $IP`, which weakens X11 access control by allowing a network client to connect to the host X server. Even though this is framed as local test setup guidance, it can expose keystrokes, window contents, and input injection to any process able to reach that X server, especially on misconfigured or shared networks.

Ssd 3

Severity: Medium
Confidence: 99%
Finding
The GitHub Actions example builds a `.env` file containing API endpoints and an access token, then prints the file with `cat .env`. This directly exposes secrets to CI logs, which are often retained, searchable, and accessible to broader audiences than intended.

VirusTotal

61/61 vendors flagged this skill as clean.
