ClawHub

uniqlo-price-watch

Security checks across malware telemetry and agentic risk

Overview

This is a coherent UNIQLO price-tracking skill with disclosed local storage and optional FireCrawl scraping, but users should keep its crawler limited to UNIQLO pages and handle the API key carefully.

Install only if you are comfortable saving a local UNIQLO watchlist in the workspace and optionally using FireCrawl. Keep crawler use limited to uniqlo.cn URLs, use a dedicated or low-privilege FireCrawl key if possible, and remove uniqlo/uniqlo-price-watch.csv when you no longer want the watchlist retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script accepts any http/https URL and forwards it to a third-party scraping service, despite the skill being described as only tracking prices on uniqlo.cn. This creates a clear scope mismatch: an agent or user can use the helper as a generic exfiltration or browsing primitive, sending arbitrary targets and their contents to FireCrawl outside the stated purpose.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation text is broad enough to trigger on general shopping or product-comparison requests, which can cause the agent to invoke this skill unexpectedly. Because the skill performs persistence and web access, over-broad activation increases the chance of unintended file writes and external browsing without a clearly expressed user intent to start price tracking.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to create, update, and delete a CSV file in the user's working directory, but it does not require a user-facing notice or confirmation before modifying local state. This is dangerous because a user may ask about products conversationally and unknowingly trigger durable local data changes that persist across sessions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs the agent to ask for or read the FIRECRAWL_API_KEY environment variable, which is sensitive credential material, without any warning, scoping, or least-privilege guidance. Accessing environment secrets for routine scraping expands the blast radius of the skill and can lead to unnecessary secret exposure or use of credentials the user did not intend to share with this workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal