polyv-e-commerce-setup

Security checks across malware telemetry and agentic risk

Overview

The skill matches its PolyV setup purpose, but it asks users to share a long-lived AppSecret in chat and runs account-changing setup commands without enough safeguards.

Install only if you intend to create PolyV resources in that account and trust the external PolyV CLI being run via npx. Do not paste AppSecret into chat; configure credentials through a safer local method if available, use least-privilege or test credentials, review the created channel/product/coupon afterward, and rotate the secret if it has already been shared in a conversation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to ask the user for an AppID and AppSecret in chat and then pass those secrets on the command line. This creates a real credential-exposure risk because secrets may be captured in chat logs, shell history, process listings, or agent telemetry, and the skill provides no guidance for secure handling or redaction.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill performs one-click initialization that creates channels, products, and coupons in the user's account but does not clearly warn that it will modify live account resources. This can lead to unintended state changes, clutter, billing/operational consequences, or accidental production-side actions if run against a real account.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The skill tells the agent to solicit the user's AppSecret directly in natural-language interaction and then use it in a CLI command. That is dangerous because conversational channels are not appropriate secret-entry mechanisms; the secret may be retained in transcripts, exposed to observers, or reused by a compromised agent or downstream logging system.

VirusTotal

VirusTotal findings are pending for this skill version.
