Amazon Ops Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Amazon seller strategy skill. Its triggers are broad, but there is no evidence of hidden code, credential access, persistence, or automated account actions.

Install if you want Amazon seller operations advice and are comfortable sharing relevant business details. Do not provide Seller Central credentials, API keys, customer personal data, or confidential supplier terms unless a future version adds a clearly scoped, necessary integration with explicit controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence: 85%
Finding
The README advertises very broad free-form prompts like asking the system to analyze products, reviews, inventory, or launch strategies without defining clear activation boundaries, supported inputs, or refusal conditions. In an agent skill context, this can cause over-triggering, ambiguous routing, and unsafe reliance on unscoped user requests, which increases the chance of the skill being used for unintended decision support or processing adversarial prompts.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger set includes broad action phrases such as '帮我分析/优化/制定计划' ("help me analyze / optimize / make a plan") that commonly appear in unrelated conversations. This can cause unintended activation and prompt interception, making the skill respond outside its intended Amazon-operations scope and potentially override safer or more relevant skills.

Vague Triggers

Medium
Confidence: 86%
Finding
The scenario trigger conditions are loosely defined around broad domains like '亚马逊运营、跨境电商、Amazon Seller' ("Amazon operations, cross-border e-commerce, Amazon Seller") without clear boundaries or exclusion criteria. Ambiguous routing increases the chance of accidental invocation on partially related requests, which can mishandle user intent and expose the system to prompt-scope confusion.

Vague Triggers

Medium
Confidence: 91%
Finding
The keyword routing table contains vague phrases like '我要分析/帮我看/情况如何' ("I want to analyze / help me take a look / how are things going"), which are generic expressions usable in almost any context. Such broad routing terms materially increase false activations and create a prompt-routing weakness where unrelated user queries may be captured by this skill.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list is broad and includes short, generic terms such as 'List', 'PPC', 'FBA', and '品牌' ("brand"), which are likely to match ordinary ecommerce conversations beyond the intended use case. This can cause the skill to activate unintentionally, increasing the chance of unwanted interception of user requests, misrouting, or over-application of the skill in unrelated contexts.

Ssd 4

Medium
Confidence: 82%
Finding
The version history's '信任重建' ("trust rebuilding") entry and its explicit reframing from operational/tooling capability to 'pure strategy advisor' form a red-flag pattern, because they attempt to preempt trust concerns through narrative repositioning rather than technical guarantees. In adversarial skill review, this can indicate an effort to normalize prior risky capability and reduce scrutiny, especially when combined with claims that security-relevant descriptions were removed.

VirusTotal

65/65 vendors flagged this skill as clean.
