Amazon Seller Central Guide

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Amazon Seller Central guide with no hidden execution, but users should review its supplement and advertising examples before relying on them.

Safe to install as a guide, not as an autonomous Seller Central operator. Keep control of the browser session, review all listing submissions, pricing, inventory, FBA, removal, and order actions before confirming them, ignore the PPC example unless you intentionally want advertising help, and independently verify supplement claims, disclaimers, ingredients, and warnings against current Amazon policy and applicable regulations before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The example includes PPC auto/manual campaign tactics and ad-budget guidance even though the skill metadata explicitly says it is not for Amazon Advertising. This creates scope drift that can cause an agent to provide disallowed advertising advice, increasing the chance of policy violations, user misuse, and unsafe automation outside the declared capability boundary.

Intent-Code Divergence

High
Confidence: 99%
Finding
The checklist states that no medical claims are made, but the listing content includes disease-treatment style and structure/function claims such as liver detox, metabolism optimization, bloat relief, liver cell renewal, and fatty liver support. In a supplements context this is especially dangerous because it can lead the agent to generate noncompliant health claims for regulated products, exposing users to Amazon enforcement and potential FDA/FTC issues.

Missing User Warnings

Medium
Confidence: 93%
Finding
The checklist claims warning statements are included, but the example provides no concrete user-facing warnings beyond a general FDA disclaimer, directions, and storage text. For supplement listings, missing warnings can cause the agent to produce incomplete or misleading compliance content, increasing the risk of unsafe consumer use and marketplace rejection or takedown.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow includes supplement-specific listing guidance such as legal disclaimer, directions, and ingredients, but it does not warn users against making unsubstantiated health, disease-treatment, or other regulated claims, nor does it direct them to validate marketplace, FDA/FTC, and category-specific compliance requirements. In an Amazon Seller skill covering supplements, this omission can lead users to generate or publish noncompliant product content that triggers listing suppression, account enforcement, or consumer-regulatory risk.

VirusTotal

65/65 vendors flagged this skill as clean.
