ClawHub

ecommerce-lead-contacts

Security checks across malware telemetry and agentic risk

Overview

This skill works as an EcCompass API client, but it exposes broader ecommerce search and intelligence features than its contact-lookup description clearly discloses.

Install only if you are comfortable using this as a broader EcCompass ecommerce intelligence and prospecting API client, not merely a narrow contact lookup tool. Review the schema and examples before use, protect and rotate the APEX_TOKEN, avoid bulk or abusive outreach, and ensure any use of returned personal contact data complies with privacy, marketing, and platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The examples document broad ecommerce search and analytics capabilities, while the skill manifest claims the skill is for retrieving decision-maker LinkedIn profiles and business emails. This mismatch is dangerous because it suggests the skill may expose or invoke materially different functionality than users and reviewers expect, enabling undisclosed data collection or competitor intelligence workflows under the guise of contact lookup.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The documented competitor discovery and detailed domain analytics workflows exceed the stated purpose of finding LinkedIn profiles and business emails for store domains. In a contact-finding skill, this hidden expansion of scope increases the risk of unauthorized profiling, commercial intelligence gathering, and user deception about what data is being queried or transmitted.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file banner and command set show the skill supports broad store intelligence operations such as search, historical analytics, app discovery, and contacts, while the manifest frames the skill as a domain contact-finding tool. This capability mismatch is dangerous because it expands data access and user expectations beyond disclosed scope, increasing risk of unauthorized profiling or misuse.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The domain command retrieves and displays extensive business intelligence, including revenue, traffic, social metrics, and direct contact fields, which materially exceeds the manifest's stated LinkedIn/email contact use case. In an agent setting, hidden overbroad data access is risky because it can enable silent enrichment, profiling, or disclosure of sensitive business data without clear user awareness.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The search implementation provides broad discovery and filtering across e-commerce stores by geography, platform, revenue, growth, employees, followers, and traffic, which is not reflected in the manifest's per-domain contact lookup framing. This makes the skill more dangerous in context because it supports large-scale target discovery and market intelligence collection rather than a narrow user-requested lookup.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes retrieval of decision-maker LinkedIn profiles and business emails but provides no warning about privacy, lawful basis, consent, rate limits, or responsible handling of personal data. In a lead-generation skill, that omission increases the likelihood of misuse for unsolicited outreach, scraping-related abuse, or downstream privacy/compliance violations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not clearly warn users that entered store domains are sent to an external third-party API along with a token-authenticated request. This creates a privacy and transparency issue because user inputs, target lists, and usage patterns may be disclosed to the vendor without explicit notice.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly exposes an endpoint that returns named LinkedIn contacts together with verified email addresses for a target domain, but provides no privacy, consent, acceptable-use, or anti-abuse constraints. In the context of a lead-generation skill, this materially enables bulk harvesting of personal contact data for outreach, spam, profiling, or targeted phishing, making the omission security-relevant rather than merely informational.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The contacts command is explicitly designed to enumerate named individuals and associated business email addresses for a supplied domain, yet there is no notice, consent check, rate limit, or privacy safeguard in the client. In this skill context, that materially increases privacy and abuse risk because the advertised purpose is lead/contact discovery, making bulk identification and outreach a foreseeable misuse path.

External Transmission

Medium
Category
Data Exfiltration
Content
---

## 5. LinkedIn Contacts — `GET https://api.eccompass.ai/public/api/v1/contacts/{domain}`

### Request
Confidence
84% confidence
Finding
https://api.eccompass.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### Request

```
GET https://api.eccompass.ai/public/api/v1/contacts/ooni.com
APEX_TOKEN: <your_token>
```
Confidence
84% confidence
Finding
https://api.eccompass.ai/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal