Men's Clothing E-commerce System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent e-commerce project generator, but it includes unsafe database credentials and destructive maintenance examples that should be reviewed before use.

Install only for a dedicated development workspace. Review generated files before running them, replace root/123456 and static JWT secrets with environment-managed values, avoid production databases, and do not run the cleanup or backup-pruning snippets until backups, affected-row counts, and retention policy are explicitly reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The backup script embeds privileged database access using the root account and includes an automated filesystem deletion command. In a skill intended to generate an e-commerce application, providing executable operational scripts with hardcoded high-privilege credentials materially increases the risk of credential exposure, misuse, and destructive actions on backup data.

Intent-Code Divergence

Severity: Low
Confidence: 91%
Finding
The text claims least privilege, but the SQL grants broad SELECT/INSERT/UPDATE/DELETE over the entire application database. If those credentials are compromised, an attacker can modify or delete any application data, so the mismatch encourages unsafe deployment assumptions.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding
The invocation guidance is broad enough that the skill may trigger on generic requests to create an e-commerce system without tight boundaries on scope, user approval, or safe operating mode. Over-broad triggering can cause the skill to activate in contexts where the user did not intend repository initialization, script-backed generation, or large-scale code production, increasing the likelihood of unwanted actions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The maintenance section includes irreversible DELETE statements for orders and carts without transactional safeguards, confirmation steps, or explicit warning about data loss. In an agent skill context, such commands can be copied or generated into operational workflows and cause accidental destruction of business records.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
Automatic pruning of backup files permanently removes recovery points, and the script presents this deletion behavior without warning or configurable safeguards. In production-like guidance, this can lead to preventable loss of restore capability after operator error, ransomware, or delayed incident discovery.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The summary explicitly states that the skill will generate a complete runnable project, deployment scripts, and test data, but it does not disclose that using the skill may create or modify files and directories on the local system. In an agent/skill setting, missing notice about filesystem side effects can mislead users into approving actions they did not fully understand, increasing the chance of unintended writes, overwrites, or clutter in the workspace.

VirusTotal

66/66 vendors flagged this skill as clean.