ClawHub

FUTA Express package tracking skill (VN)

Security checks across malware telemetry and agentic risk

Overview

This package-tracking skill is not malicious, but it needs review because it can display full sender, recipient, phone, and ID details from a tracking lookup.

Install only if you are comfortable with the agent querying FUTA Express by tracking code and potentially showing personal shipment details. Use it only for shipments you are authorized to check, and prefer masking or omitting phone numbers and identity fields unless they are truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to retrieve and display sender/recipient personal data from the carrier API, including names, phone numbers, and destination details, without any verification that the requester is authorized to view that information. Because tracking codes are often shared, guessed, or exposed in messages, this creates a real privacy risk and can disclose personal data to unauthorized users.

Ssd 3

High
Confidence
98% confidence
Finding
The skill directs the agent to display extensive personal and sensitive shipment data, including recipient identity numbers, phone numbers, and 'full response data even if some fields are empty.' This is a natural-language data leakage pattern: once a tracking code is provided, the agent is instructed to over-disclose sensitive API contents that may belong to third parties.

Ssd 3

High
Confidence
98% confidence
Finding
The prescribed output format includes full sender and recipient names and phone numbers as standard output, which directly operationalizes a privacy leak. In the context of package tracking, this is especially risky because possession of a tracking code may not equate to authorization to view personally identifiable information about the shipment parties.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal