Gumroad Analytics

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches Gumroad analytics, saves local summaries, and only stores raw API data when the user explicitly asks for it.

Install this only if you want an agent to read your Gumroad sales and product data. Keep the Gumroad token file private, use a dedicated or revocable token if possible, and avoid --store-raw unless you are comfortable retaining detailed Gumroad API responses locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares shell execution, file reads, and file writes through its documented behavior, but does not declare explicit permissions or constraints for those capabilities. This weakens reviewability and sandbox enforcement because the agent may perform sensitive operations without a clear least-privilege contract.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
When --store-raw is used, the script persists the full products API response to disk without any redaction or schema filtering. Even if sales data is partially redacted, product payloads can still contain metadata, drafts, URLs, or other sensitive business information, which conflicts with the skill's stated default of avoiding raw PII persistence and increases local exposure if the host is shared or compromised.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The status message says raw files were written with only sales redacted, but the surrounding behavior can easily lead users to believe all stored raw output is safely sanitized. That mismatch is a security-relevant footgun because operators may handle or share the unredacted products file under a false assumption of redaction.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The script writes fetched API data to local files whenever --store-raw is supplied, but it provides no interactive warning or strong notice before persisting potentially sensitive content. In this skill context, the lack of a clear safety prompt makes accidental retention of sensitive business or customer-related data more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
