Goshippo

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Shippo shipping helper, but it gives agents broad live-account powers and has some under-scoped paths users should review first.

Install only if you want an agent to operate on your Shippo account. Require explicit approval before purchases, refunds, manifests, webhook/account changes, deletes, or any direct REST fallback, and decide where any local analysis reports should be written because they may contain sensitive shipping and billing data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 91% confidence
The skill advertises a hosted-MCP/OAuth flow with 'nothing to copy or store,' but then instructs a direct REST fallback for packing slips outside that boundary. That creates a trust-boundary mismatch: an agent may be pushed into making raw HTTP requests with different auth handling, logging, approval, and policy controls than the hosted MCP path.

Context-Inappropriate Capability

Medium, 93% confidence
Instructing agents to make direct REST API calls is unsafe when the skill is presented as operating solely through Shippo's hosted MCP with per-user OAuth. This can bypass MCP guardrails, create ambiguous authentication expectations, and encourage agents to handle credentials or network access in ways the skill originally said were unnecessary.

Description-Behavior Mismatch

Medium, 92% confidence
The reference documents capabilities beyond the stated shipping/logistics scope, including carrier account creation/updates, webhook management, Shippo account management, and order/service-group administration. This scope expansion can mislead an agent or user about what actions are available, increasing the chance of unauthorized account changes or broader data access than expected.

Vague Triggers

Medium, 84% confidence
Broad everyday trigger phrases like 'where is my package' or 'refund this label' can cause the support-ticket workflow to activate during normal conversational assistance, producing internal-style escalation artifacts and collecting more operational data than necessary. Over-broad invocation increases the chance of unintended data aggregation and accidental disclosure into support-oriented outputs.

Missing User Warnings

Medium, 90% confidence
The tool reference lists state-changing and potentially irreversible operations such as label purchase, batch purchase, refunds, manifest creation, deletes, and webhook changes without explicit user-facing cautions or confirmation guidance. In an agent setting, this omission can cause accidental charges, shipment processing, webhook tampering, or data loss if the model invokes tools based on ambiguous prompts.

VirusTotal

64/64 vendors flagged this skill as clean.