Back to skill

Security audit

cross-border-intel

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for Amazon/TikTok commerce monitoring, but it needs Review because it uses an OpenClaw gateway token with an external backend and stores more raw data than users may expect.

Install only if you trust the Beansmile publisher and the configured Intel API backend. Treat watched ASINs, TikTok keywords, and resulting marketplace data as potentially sent off-host, use a least-privilege gateway token if available, and periodically inspect or clear the local SQLite database if the monitoring data is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
runAmazonScan returns process.env.INTEL_DB_PATH to the caller even though the function's stated purpose is product scanning and alert generation. Exposing internal filesystem paths leaks unnecessary deployment details that can aid follow-on attacks, debugging abuse, or targeted file access attempts if this result is surfaced through an API or UI.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The report payload includes `dbPath: process.env.INTEL_DB_PATH || ''`, which leaks internal filesystem configuration to any caller that can access generated reports. Even if this is not a direct exploit by itself, exposing backend path information is unnecessary for the product-intelligence function and can aid follow-on attacks, troubleshooting abuse, or environment fingerprinting.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly documents outbound API calls to a third-party backend and use of a gateway token, but it does not clearly disclose that product/watchlist data may be transmitted externally or provide guidance on credential handling. In a security-sensitive agent ecosystem, this can lead users to unintentionally send business intelligence data off-host or mismanage tokens, increasing the risk of data exposure and unauthorized backend access.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The function stores the full raw TikTok video object via JSON.stringify(video) into the database, which can retain more data than is needed for alerting and trend analysis. If the upstream API includes unexpected metadata or personal data, this creates unnecessary retention and expands exposure in case of database compromise or overbroad internal access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.