Xianyu Curated Goods Assistant (闲鱼商品精选助手)

Security checks across malware telemetry and agentic risk

Overview

This marketplace-search skill appears useful, but it keeps plain-text shopping/search history without clear opt-in or retention controls.

Review this skill before installing if you use Xianyu searches for private purchases, sensitive interests, budgets, or location-specific shopping. Prefer installing only after logging is made opt-in, the activation phrases are narrowed, and there are clear controls to disable and delete saved search history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill persists user search terms, timestamps, price ranges, and item links to local memory files even though its stated purpose is only to search and filter marketplace results. This creates unnecessary data retention, increases exposure of user activity, and can leak potentially sensitive interests or purchasing behavior to other skills, users, or operators with filesystem access.

Missing User Warnings

Medium
Confidence: 83%
Finding
The README discloses that all search records are stored in local memory files, including timestamps, keywords, result counts, price ranges, and the lowest-price item link, but this retention is only mentioned late in the document and without clear consent or retention controls. Search history can reveal user interests, purchasing intent, location preferences, and potentially sensitive commercial behavior, making silent or poorly disclosed persistence a privacy and security concern, especially on shared systems.

Missing User Warnings

Medium
Confidence: 99%
Finding
The skill records search history to `memory/YYYY-MM-DD.md` without any user-facing disclosure or consent. Silent collection of user queries and result details is a privacy issue because users may reveal personal interests, locations, budgets, or purchase intent without expecting that information to be stored persistently.

Vague Triggers

Medium
Confidence: 90%
Finding
The activation commands and regex patterns are broad enough to trigger on ordinary shopping-related requests about Xianyu, not just explicit invocation of this skill. That can cause unintended skill activation, leading the assistant to route user queries into this skill unexpectedly and potentially override user intent or expose users to unreviewed marketplace interactions.

Ssd 3

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to store user inputs and derived result details in plain-language memory logs. Plaintext persistence makes the data easy to inspect, aggregate, or misuse later, especially if memory files are shared across sessions or accessible to unrelated tools, turning ordinary shopping queries into retained behavioral data.

VirusTotal

63/63 vendors flagged this skill as clean.
