Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawringhouse - AI Shopping Concierge

v1.0.0

Proactively research, compare, and prepare curated shopping carts with thoughtful, budget-conscious gift and supply recommendations for upcoming events and n...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name and instructions match a shopping/affiliate purpose (search API, prepare carts, include affiliate tag). However, the SKILL.md also instructs the agent to automate the user's browser (via a 'Chrome extension relay') and to use an 'agent's Amazon account' in some flows — capabilities that require browser access or credentials but are not requested or documented. The lack of a description/homepage and an unknown source for the external API (clawringhouse.onrender.com) increases the mismatch between claimed purpose and required runtime capabilities.
! Instruction Scope
The instructions tell the agent to proactively read memory/calendar and partner preferences, click through product pages, and add items to carts (preferably in the user's logged‑in browser). They also instruct the agent to always append an affiliate tag and to call an external API with search queries. This broad access to personal context and automated browser actions, combined with sending queries and possibly contextual data to a third‑party API, expands the skill's scope beyond simple product lookup and raises privacy and consent issues.
Install Mechanism
This is instruction-only (no install spec, no code files to execute), which is lower risk from an installation perspective. There is no download or archive extraction. That said, the SKILL.md references a local CLI/python module and a 'Chrome extension relay' but does not provide an install or distribution mechanism for such components.
! Credentials
The skill declares no required environment variables or credentials, but runtime guidance assumes access to sensitive contexts: the user's calendar/memory, the user's browser (possibly logged‑in), or an agent-owned Amazon account. Those capabilities normally require tokens/extensions/credentials and explicit consent; their absence from the declared requirements is an incoherence. Additionally, queries (which may include PII or details about relationships) are sent to an external API whose data handling is not documented.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not ask to modify other skills or system settings. However, it encourages browser automation and potential use of account cookies/affiliate tagging; combined with autonomous invocation (default), that increases the blast radius if the external API or automation is abused. This is noteworthy but not a direct privilege escalation in the metadata.
What to consider before installing
This skill is clearly designed to monetize recommendations via an affiliate tag and to automate cart preparation, but it raises privacy and trust questions before you enable it. Before installing or allowing autonomous use:
1) Ask the author for the API's privacy policy and logs/retention policy for queries sent to https://clawringhouse.onrender.com.
2) Confirm what explicit user consent and technical mechanisms are required for browser automation or accessing calendars/accounts (do not enable browser extensions or share account credentials without understanding what is accessed).
3) Avoid granting any Amazon credentials; prefer flows that only send affiliate-tagged links rather than adding items using account logins.
4) If you must use it, restrict the agent so it cannot autonomously access user data or perform browser automation without an explicit prompt each time.
5) If you need higher assurance, request source code or a trustworthy third‑party audit of the service/extension and verify the hosting domain and owner identity.
If those answers are not satisfactory, treat the skill as a potential privacy risk and do not enable it for sensitive accounts.

Like a lobster shell, security has layers — review code before you run it.
