Pilot E Commerce Ops Setup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for a four-agent e-commerce workflow, with disclosed but privacy-sensitive support webhook and customer-data flows that users should configure carefully.

Before installing, review the dependent pilot-* skills and the pilotctl/clawhub binaries, then decide whether the support webhook is needed. If enabled, use only an approved endpoint, minimize or redact customer/order fields, and verify retention, access controls, and compliance requirements for any external support system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The skill is presented as deploying four internal e-commerce agents, but the support-bot manifest explicitly defines outbound communication to an external endpoint via webhook on port 443. That expands the trust boundary and can send customer-support data outside the internal agent mesh without making that architectural change clear to the user.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The support role includes a generic webhook bridge capable of transmitting support escalations externally, which creates a data exfiltration path for order status, refund, or customer conversation data. Because no destination restrictions, authentication requirements, or payload limits are specified, this capability is broader than necessary for the stated top-level setup purpose.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README explicitly routes support escalations to an external destination via webhook on port 443, but it does not warn users that customer support data may leave the local agent environment. In an e-commerce context, support payloads often include customer identifiers, order details, and refund information, so omission of a privacy warning increases the risk of unintended disclosure and noncompliant deployments.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The example publishes order-status data containing a direct customer identifier (alice@example.com) to another agent without any user-facing privacy notice or guidance on handling personal data. In this skill's e-commerce setting, sharing PII in examples normalizes unsafe data flows and can lead operators to replicate them in production without minimization, consent review, or access controls.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill instructs deployment of a support escalation webhook but provides no user-facing warning that internal support or order-related data may leave the environment. This undermines informed consent and can cause privacy, compliance, or contractual violations if operators enable the setup assuming all traffic stays internal.

VirusTotal

65/65 vendors flagged this skill as clean.