Xianyu Fully Automatic Bargaining Assistant (闲鱼全自动砍价助手)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is aligned with automated bargaining, but it needs Review because it can keep monitoring a logged-in marketplace account and send seller messages automatically despite inconsistent approval rules.

Install only if you are comfortable letting the agent use your logged-in Xianyu session and store local bargain state. Keep cron monitoring, auto-follow-up, and auto-accept behavior off unless you intentionally enable them, and require review before any message that accepts a seller price or commits you to buy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill markets itself as 'only notifying users' and 'never auto-ordering', but its actual instructions direct the agent to automatically send bargaining and follow-up messages to third-party sellers. That mismatch can mislead users and reviewers about the degree of autonomous external action the skill performs, reducing informed consent and increasing the chance of unexpected messaging behavior.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill first requires user confirmation before any bargaining message is sent, but later introduces an 'auto-send without confirmation' option. Conflicting safety rules create ambiguity that an agent may resolve unsafely, leading to unsolicited outbound messages to sellers without the explicit approval promised earlier.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes broad, common phrases such as asking whether a price is reasonable or how to negotiate, which can cause accidental invocation in ordinary conversation. In a skill that can message external parties and set up monitoring jobs, unintended activation materially increases the risk of undesired automation and privacy-impacting actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The guide explicitly allows the agent, once cron monitoring is enabled, to automatically generate and send subsequent bargaining and follow-up messages without requiring per-message user review. Even though initial activation requires consent, this still delegates ongoing outbound communication to the agent, creating a real risk of unintended commitments, misrepresentation, harassment/spam, or platform-policy violations if the LLM misinterprets seller replies or negotiation state.

Vague Triggers

Medium
Confidence: 88%
Finding
The status query command includes a very generic trigger phrase ("批量状态") without any namespace, confirmation, or explicit binding to this skill's active tasks. In a chat environment, broad phrases can be invoked unintentionally or collide with unrelated user requests, causing the agent to reveal or act on bargain-task state when the user did not clearly intend this skill-specific operation.

Vague Triggers

Medium
Confidence: 95%
Finding
The stop-all command trigger ("停止全部砍价") is powerful and broadly phrased, with no scope constraints, task selection, or confirmation step. If matched accidentally or via ambiguous conversation context, it could terminate all active bargain-monitoring jobs at once, causing loss of automation state and denial of service for the user's ongoing negotiations.

VirusTotal

66/66 vendors flagged this skill as clean.
