
Security audit

shop-review-generator

Security checks across malware telemetry and agentic risk

Overview

The skill is not malware, but it handles user photos and map links with weak network and transport-security controls (a bundled API key, substring hostname matching before outbound requests, and a fallback that disables TLS verification) and can generate authentic-looking public reviews.

Install only if you are comfortable with a review-drafting skill that sends shop/location context and photo-derived information to external services. Avoid private or sensitive photos, verify every generated claim before posting, and consider disclosing AI assistance. The publisher should remove the embedded API key, require user-provided configuration, add a clear privacy notice, strictly validate Amap hosts before network requests, remove the unverified TLS fallback, and document or clean up converted image files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
Embedding an Amap API key in a bundled script exposes a reusable credential to anyone who can read the skill package and enables unauthorized third-party use of the external API. Even if the key is intended only for POI lookup, a leaked key can be abused for quota exhaustion, billing impact, or requests made under the publisher's identity. The key should be supplied by the user (for example through an environment variable) and the skill should refuse to run without it.

Missing User Warnings

Severity: High
Confidence: 92%
Finding
The skill instructs the agent to send user-provided store links and to process user photos through web search and Amap API workflows without clearly informing the user that this data may be transmitted to external services. This creates privacy and consent risk, especially because photos and location-linked content can carry sensitive metadata (EXIF timestamps and GPS coordinates, for example) or reveal behavioral patterns.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The HEIC conversion workflow directs execution of conversion scripts and command-line tools on user-supplied images but does not clearly disclose that local JPEG copies may be created or that files may persist after processing. This can expose sensitive image content on disk longer than expected and increase the risk of unintended retention or later access by other processes/users.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
`extract_poi_id_from_url` issues a `HEAD` request to attacker-controlled input whenever the string contains `surl.amap.com` or `m.amap.com`, without first parsing the URL and validating its hostname. Because the check is a substring match on the raw string, a link whose host is something else entirely but whose path or query contains `surl.amap.com` passes it. This can be abused for server-side request forgery style behavior or unintended outbound requests from the agent environment, which is more concerning in a skill that processes user-supplied map links. The hostname should be extracted with a URL parser and compared exactly against an allowlist, and any redirect target reached while resolving a short link should be checked the same way.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
If `certifi` is unavailable, the code falls back to `ssl._create_unverified_context()`, disabling TLS certificate validation for all subsequent HTTPS requests. That permits man-in-the-middle interception or response tampering, exposing the embedded API key and allowing falsified POI data to influence downstream review generation. The absence of `certifi` is not a reason to disable verification: `ssl.create_default_context()` already verifies against the platform trust store, so the correct behavior is to use that and otherwise fail closed.
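The three code-level findings above (the bundled API key, the substring host check before the `HEAD` request, and the unverified-TLS fallback) map to three small fixes. The block below is an added example written for this audit, not the skill's own code: the function name `extract_poi_id_from_url` and the hostnames `surl.amap.com` and `m.amap.com` come from the findings, while the environment variable name `AMAP_API_KEY`, the HTTPS-only allowlist, the POI-id regex and the hop-by-hop short-link resolver are assumptions for illustration. The weak substring check is kept beside the hardened one so the difference can be exercised on constructed URLs.

```python
"""Hardened versions of the audited behaviors (added example; assumptions noted inline)."""
import http.client
import os
import re
import ssl
from typing import Callable, Mapping, Optional
from urllib.parse import urljoin, urlsplit

# Allowlist assumed from the findings; only exact matches on these hosts may be contacted.
ALLOWED_HOSTS = frozenset({"surl.amap.com", "m.amap.com"})

# Assumed shape of a POI path such as /place/B0FFABCDEF; not taken from the skill.
_POI_ID_RE = re.compile(r"/place/([A-Za-z0-9]+)")


def host_allowed_weak(url: str) -> bool:
    """The check the finding describes: a substring test on the raw string.
    Any string containing the token passes, including attacker-chosen hosts."""
    return "surl.amap.com" in url or "m.amap.com" in url


def host_allowed(url: str) -> bool:
    """Parse the URL and compare the exact hostname against the allowlist.
    HTTPS-only is an assumption made here so the short-link hop is also protected."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def make_ssl_context() -> ssl.SSLContext:
    """Verifying TLS context. Prefer the certifi bundle when installed, else the
    platform trust store. There is deliberately no unverified fallback."""
    try:
        import certifi  # optional; the platform store is used when it is absent
        ctx = ssl.create_default_context(cafile=certifi.where())
    except ImportError:
        ctx = ssl.create_default_context()
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS context is not verifying; refusing to continue")
    return ctx


def load_api_key(env: Mapping[str, str] = os.environ) -> str:
    """Read the Amap key from the environment (assumed variable name) instead of
    shipping it inside the package. Fails closed when it is missing."""
    key = env.get("AMAP_API_KEY", "").strip()
    if not key:
        raise RuntimeError("AMAP_API_KEY is not set; refusing to run with a bundled key")
    return key


def resolve_short_link(url: str, ctx: ssl.SSLContext, max_hops: int = 3, timeout: float = 5.0) -> str:
    """Follow a surl.amap.com short link with HEAD requests one hop at a time,
    checking every hop against the allowlist so a redirect cannot steer the
    agent to an arbitrary host. Makes real network calls; not used by the tests."""
    for _ in range(max_hops):
        if not host_allowed(url):
            raise ValueError(f"redirect left the Amap allowlist: {url!r}")
        parts = urlsplit(url)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443, timeout=timeout, context=ctx)
        try:
            conn.request("HEAD", path)
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # relative Location headers are resolved against the current hop
            continue
        return url
    raise ValueError("too many redirects while resolving short link")


def extract_poi_id_from_url(
    url: str,
    resolver: Callable[[str, ssl.SSLContext], str] = resolve_short_link,
    ctx: Optional[ssl.SSLContext] = None,
) -> Optional[str]:
    """Return the POI id from an Amap link, resolving short links first.
    Every URL that is about to be contacted, and the URL the resolver returns,
    must pass host_allowed(); anything else is refused instead of fetched."""
    if not host_allowed(url):
        raise ValueError(f"refusing to contact non-Amap host in {url!r}")
    if urlsplit(url).hostname == "surl.amap.com":
        url = resolver(url, ctx or make_ssl_context())
        if not host_allowed(url):
            raise ValueError(f"resolved link is not an Amap host: {url!r}")
    match = _POI_ID_RE.search(urlsplit(url).path)
    return match.group(1) if match else None
```

`host_allowed_weak` accepts `https://evil.example/?r=surl.amap.com` and `https://surl.amap.com.evil.example/x`; `host_allowed` rejects both because it compares the parsed hostname, not the raw string. The resolver re-checks each redirect hop for the same reason: validating only the user's input still lets a short link bounce the agent to any host.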

VirusTotal

64/64 vendors flagged this skill as clean. A clean antivirus verdict covers known-malicious code only; it does not address the credential, privacy and transport-security findings above.
