OpenClaw All-Domain E-commerce Operations Super Skill V1.0.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ecommerce operations helper, but it can process and export customer/order data with broad auto-trigger instructions and limited privacy or path controls.

Review before installing if you plan to use real customer, order, or sales data. Use only files you intentionally provide, keep exports in a controlled folder, remove or mask phone/address fields when possible, back up data before batch work, and avoid production customer data unless you have permission and a retention plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The prompt makes an absolute trust claim that the document is '100% synchronized' with code and that all functions were 'actually tested and verified,' but the file itself is only descriptive documentation and provides no evidence. In an agent setting, such claims can suppress scrutiny, cause over-trust in undocumented behavior, and increase the chance an operator or downstream model executes risky capabilities without independent validation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The Excel export routine writes arbitrary DataFrame contents directly to disk, and elsewhere in this skill those DataFrames can include order/customer fields such as names, phone numbers, and addresses. This is dangerous because it creates persistent local copies of personal data without any consent prompt, minimization, masking, or safer-default controls, increasing the risk of unintended disclosure on shared hosts or via later exfiltration.

Missing User Warnings

Medium
Confidence: 93%
Finding
The batch export helper serializes supplied data to xlsx/csv/json under the output directory with no warning or privacy guardrails. In the context of this skill, the exported structures are likely to include business and customer records, so the function can persist sensitive data in easy-to-copy formats without redaction or user awareness.

Vague Triggers

High
Confidence: 96%
Finding
The trigger list contains many broad everyday words such as '分析', '文案', '客服', and '批量', which can cause accidental activation from ordinary conversation rather than explicit user consent. Because this skill includes file reads, exports, and batch processing, a false trigger could lead to unintended handling of user data or side-effecting operations.

Vague Triggers

Medium
Confidence: 93%
Finding
Several modules use overlapping trigger terms without any priority, exclusivity, or conflict-resolution rules, so the agent may invoke the wrong workflow. In this context, ambiguous routing is more dangerous because some workflows touch files, generate exports, or process user-provided datasets, increasing the risk of unintended actions and data exposure.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document instructs the agent to read Excel files, export reports to local paths, and batch-process images, but it does not require user confirmation, path restrictions, or warnings about data handling. In a real agent environment, these operations can overwrite files, expose sensitive business data, or process unintended local content if triggered too broadly.

VirusTotal

66/66 vendors flagged this skill as clean.