Hyderabad Shopper

Security checks across malware telemetry and agentic risk

Overview

This skill is a price scout, but it also directs checkout navigation and sends checkout screenshots through Telegram without clearly disclosing that in the description.

Install only if you are comfortable with the agent opening shopping sites for Hyderabad pincode 500081, adding selected items to carts, and sending checkout screenshots or totals through Telegram. Do not use it with logged-in merchant accounts or sensitive delivery details unless you explicitly want that workflow, and confirm every checkout or message before it is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The manifest presents the skill as a price-finding tool, but the instructions expand behavior into purchase initiation, checkout navigation, screenshot capture, and Telegram messaging. This capability mismatch is dangerous because users and policy systems may authorize a low-risk comparison tool while the skill actually performs higher-risk transactional and data-sharing actions.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Telegram messaging is unrelated to the stated purpose of finding the lowest price and introduces unnecessary external data exfiltration risk. Sending checkout details or screenshots through a third-party channel can expose sensitive purchase information, merchant data, addresses, and potentially account context beyond what the user expects.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger phrases are broad enough to match ordinary shopping intents, which can cause the skill to activate in situations where the user did not intend checkout assistance or external messaging. In this context, overbroad activation is more dangerous because the skill contains hidden higher-risk behaviors beyond simple price lookup.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill description omits critical disclosure that it may navigate to checkout, capture a checkout-page screenshot, and transmit information via Telegram. This lack of transparency prevents informed consent and increases the chance of unexpected disclosure of sensitive shopping or account information.

VirusTotal

65/65 vendors flagged this skill as clean.
