Printful Management

Security checks across malware telemetry and agentic risk

Overview

This Printful skill is mostly coherent, but it gives an agent broad live-account authority, including raw authenticated API requests and unrestricted local export paths.

Install only if you want an agent to manage a live Printful account. Use the least-privileged or store-scoped token available, keep it in PRINTFUL_API_KEY, start with read-only commands, and manually review any raw request, product deletion, order confirmation/cancellation, webhook change, file upload, or export path before allowing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill explicitly instructs use of environment variables, file reads/writes, and live network calls to the Printful API, but it declares no permissions. That creates a capability/permission mismatch that can bypass user expectations and platform review controls, especially because the skill also handles a private API token and can write local exports containing account data.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The raw command allows arbitrary HTTP methods and arbitrary Printful API paths, bypassing the narrower safety boundaries implied by the skill's management workflows. In an agent context, this expands capability to any present or future API endpoint, including destructive operations or access to sensitive account data that the surrounding skill may not intend to expose.

Missing User Warnings

Medium
Confidence: 87%
Finding
The export flow writes API-derived content to any caller-specified output path without confirmation, allowing an agent or untrusted user prompt to cause overwrites of arbitrary local files accessible to the process. In a skill environment, this is more dangerous because the tool is designed to transform user requests directly into actions, increasing the chance of unintended local file modification.

Missing User Warnings

Medium
Confidence: 90%
Finding
The raw command can issue arbitrary DELETE/POST/PUT/PATCH requests with no confirmation or user-facing warning, making accidental or prompt-injected destructive actions much easier. Because this skill manages a live commerce account, unrestricted write/delete operations can alter stores, products, orders, webhooks, or other account state beyond the safer, task-specific commands.

VirusTotal

66/66 vendors flagged this skill as clean.
