salesman-recommender

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised creator search/export workflow, but it also handles third-party account credentials, keeps browser sessions, uses automation-evasion settings, and can save sensitive debug pages to the desktop without enough user control.

Review carefully before installing. Use it only on a machine and account you trust, avoid passing your password through skill parameters when manual login is possible, and clear the created browser profile/debug files after use. Confirm the target platform permits this automation and be aware that exported spreadsheets or debug files may contain private business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill performs network access and writes files to the user's desktop, but these capabilities are not explicitly declared as permissions. This creates a transparency and consent gap: users and reviewers may not realize the skill can access a remote platform, capture returned data, and persist output locally. In a browser-automation skill that also handles login state, undeclared capabilities increase the risk of unexpected data collection or file creation.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The script persists a Chrome user profile under the user's home directory specifically to retain cookies and session state across runs, but the skill description only mentions filtering creators and exporting Excel results. This hidden session-retention behavior expands the skill's access beyond its declared purpose and creates privacy and account-security risk if the local profile is reused, copied, or accessed by other processes/users.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The code injects JavaScript before page load and hooks XMLHttpRequest to capture request metadata and full response bodies for the seekAuthor API, but this network interception is not disclosed in the skill description. Intercepting raw API responses can expose more data than what is rendered in the UI, including sensitive account-scoped information, and materially changes the trust model of the skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The browser is configured with automation-evasion flags and disabled automation indicators, which are not necessary for a simple export tool as described. Anti-detection measures increase concern because they are commonly used to bypass platform controls, reduce transparency to the target service, and can facilitate unauthorized or policy-violating automation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The script automates account login by entering email and password, selecting roles/accounts, handling agreement boxes, and waiting through CAPTCHA/account-selection flows, even though the skill description only promises filtering and export. This gives the skill account-operation capability and direct handling of credentials, increasing the blast radius if the script is misused, modified, or run in an untrusted environment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill states that it captures the final API response from the platform and saves creator information into an Excel file on the desktop, but it does not present this as an explicit warning or obtain informed user consent. That omission is risky because API response data can contain more information than what is visibly shown in the UI, and writing it automatically to a common location may expose sensitive business or personal data to other local users or processes.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill invites users to supply email and password for automatic login but provides no explicit warning about how credentials are handled, stored, or exposed during browser automation. This is especially dangerous because the workflow uses a default Chrome profile and automates login to a third-party service, creating risk of credential leakage through logs, script parameters, local process inspection, browser persistence, or accidental reuse beyond the user's expectations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script stores a persistent browser profile in the user's home directory to preserve cookies and session tokens, but there is no explicit warning or consent flow about credential/session retention. If the machine is shared, backed up, or compromised, retained session artifacts may allow account reuse without reauthentication.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The debugging helpers save screenshots and full HTML source to the desktop, which can capture credentials, account identifiers, session state, private business data, or other sensitive content visible in the page. Writing these artifacts to an easily accessible location without prior warning or redaction creates a substantial data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.
