Cin7 Inventory

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Cin7 inventory toolkit, but it can change live stock, sales, and purchase records without built-in confirmation or dry-run safeguards.

Install only if you intend the agent to access and potentially modify live Cin7 business data. Use a least-privileged Cin7 API key where possible, protect any .env file, verify the API endpoint, and require human review before running stock, order, or purchase write commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 85%
Finding
The skill exposes shell-based operational scripts while declaring no explicit permissions, which weakens transparency and policy enforcement around what the skill can execute. In a skill that can create and update orders, adjust stock, and query business data, undeclared shell capability increases the chance of over-privileged or unexpected execution behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation advertises destructive and state-changing operations such as stock adjustments, stock transfers, and order or purchase creation/updates without clearly warning that they modify live inventory and transactional records. In an inventory-management context, this is especially dangerous because users or downstream agents may invoke examples as if they were safe read-only commands, causing financial loss, inventory corruption, and operational disruption.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script performs a state-changing external API call to create a purchase order immediately after receiving JSON input, with no interactive confirmation, dry-run mode, or explicit warning that it will modify inventory/procurement data. In an agent or automation context, this increases the risk of accidental or prompt-induced purchases being submitted to the live Cin7 environment, causing financial and operational harm.

VirusTotal

64/64 vendors flagged this skill as clean.
