Spx Tracking

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed SPX package-tracking helper that sends a user-provided tracking number to SPX and formats the returned shipment details.

Install this only if you are comfortable sending SPX or CAINIAO tracking numbers to spx.com.my and viewing shipment details that may include recipient and route information. Avoid using the optional cookie unless necessary, and never paste broad browser session cookies into shared logs or untrusted environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill documentation indicates it performs outbound network requests to the public SPX API, but no corresponding permission declaration is present. This creates a policy and transparency gap: the agent/runtime may invoke network-capable behavior users or operators did not explicitly approve, increasing the risk of unintended data disclosure such as tracking numbers or optional session cookies being sent externally.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill returns significantly more data than needed for basic shipment tracking, including recipient name, detailed event timeline, coordinates, and full addresses. This creates unnecessary exposure of sensitive logistics and identity information, which could enable stalking, profiling, or misuse if a user supplies a valid tracking number that does not belong to them.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The code performs route reconstruction, stay analysis, and bottleneck detection even though the skill is described as a simple tracking lookup. These derived analytics amplify the sensitivity of the underlying shipment data by making movement patterns and delays easier to interpret, which increases privacy risk and operational intelligence leakage beyond the user’s likely need.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger set is broad and includes common delivery-related words in both English and Chinese, plus CAINIAO references that may overlap with general logistics conversations. This can cause unintended invocation of the skill, leading to unnecessary external API calls and possible exposure of user-provided shipment identifiers or context to a third-party service when the user did not intend SPX tracking specifically.

VirusTotal

63/63 vendors flagged this skill as clean.
