Lobstersearch

Security checks across malware telemetry and agentic risk

Overview

The artifact is transparent about being a real shopping connector, but it gives an unauthenticated agent high-impact order, payment-link, cancellation, refund, and customer-data flows without clear per-transaction safety boundaries.

Install only if you intend to let your agent interact with a real shopping and payments service. Keep tool-call approval enabled, manually confirm merchant, items, totals, customer details, payment-link generation, and every cancellation/refund action, and treat order IDs as private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README documents tools that can create orders, reserve stock, generate Stripe payment links, and trigger cancellations/refunds, but it does not include an explicit warning that these are state-changing financial actions requiring clear user confirmation. In an agentic environment, this omission increases the risk that a model or connector user invokes commerce actions automatically or with insufficient user awareness, leading to unintended purchases, reserved inventory, or refund/cancellation side effects.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill exposes order creation, payment confirmation, cancellation, and refund-capable operations but does not prominently warn that these are real-world transactional actions involving purchases, refunds, and customer data. In an agentic context, this can lead to unintended orders, financial loss, privacy issues, or unauthorized commerce actions if an agent invokes these tools without explicit user confirmation and clear consent boundaries.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The commerce examples show an agent collecting personal data and initiating order and payment flows without any visible user consent, confirmation, or cautionary language around real-world transactions. In an agentic shopping skill, this omission is risky because downstream implementers may copy these examples directly, leading to unauthorized purchases, oversharing of PII, or users being surprised by payment-triggering actions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The manifest explicitly positions the skill as enabling agents to discover businesses and complete purchases on behalf of users, but it does not define narrow invocation boundaries, required confirmation gates, spending limits, merchant trust requirements, or prohibited scenarios. In an agentic setting, this increases the risk of unauthorized purchases, prompt-influenced spending, or use in contexts where the user did not intend to delegate transactional authority.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill exposes end-to-end transactional operations, including draft order creation, payment-link generation, order status retrieval, cancellation, refund initiation, and collection of customer identifiers such as name and email, yet the manifest contains no explicit warning that these actions have financial and privacy consequences. In practice, this can mislead integrators or downstream agents into treating the tools like ordinary read-only commerce discovery APIs, increasing the chance of unintended purchases, disclosure of personal data, or disruptive cancellations/refunds.

VirusTotal

66/66 vendors flagged this skill as clean.
