Amazon Category Research

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Amazon research tool, but it forces cloud document creation, local report retention, and user-identity Feishu authorization without enough user control.

Install only if you are comfortable with the agent using an OpenClaw browser profile, reading Amazon/SellerSprite/SIF page data, creating Feishu documents as you, and saving report backups in the workspace. Review Feishu scopes, avoid confidential research inputs unless cloud storage is acceptable, delete local backups when no longer needed, and confirm selector-healing changes before allowing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = [sys.executable, script_path]
if args:
    cmd.extend(args)
r = subprocess.run(cmd, capture_output=True, text=True)
if r.returncode != 0:
    raise RuntimeError(f"{script_name} 执行失败: {r.stderr.strip() or '未知错误'}")
return r.stdout.strip()
Confidence
85% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill’s stated purpose is Amazon category research, but it mandates creating Feishu cloud documents and local Markdown backups for every run. That expands the data flow beyond research collection into external persistence and syncing, increasing the chance of unnecessary retention, disclosure, or misuse of collected commercial data.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill requires Feishu OAuth checks and insists documents be created under the user’s identity, even though Amazon research itself does not inherently require third-party document access. This creates unnecessary credential scope expansion and can cause the agent to act with the user’s cloud-document privileges without a tight functional justification.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The self-healing flow can modify `selector_registry.py`, meaning a research skill can alter its own extraction logic at runtime. Self-modifying behavior increases the attack surface, undermines reviewability, and could be abused to persist unsafe logic or silently broaden future data collection.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly says the generated Feishu report's Markdown source will be saved to the local workspace as an authoritative backup, but it does not clearly warn users that potentially sensitive market research, ASIN lists, and derived business intelligence will persist locally. This creates a real privacy and data-retention risk, especially in shared workspaces, synced folders, or environments with broader filesystem access than the user expects.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill mandates creating Feishu documents under the user's identity rather than a bot identity, but does not present this as an informed user choice. That can cause documents to be created, attributed, and potentially shared under the user's personal or organizational account without explicit consent, increasing privacy, audit, and authorization risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes automatic collection, validation, local Markdown backup, and Feishu cloud document creation, but it does not give a clear, prominent user-facing notice about what data leaves the browser, what is stored locally, and what is uploaded to Feishu during ordinary use. This can lead users to unknowingly transmit potentially sensitive research inputs, ASIN lists, plugin-derived market data, and generated analyses to external storage and third-party services.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes very broad generic terms like market research, product analysis, keyword research, and data scraping, which can cause the skill to activate in contexts beyond narrowly scoped Amazon category analysis. Overbroad invocation increases the chance that browser automation, local storage, and external document workflows run when the user did not specifically intend this skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires saving generated reports to local files in the workspace but does not present this as a clear user-facing consent or warning. Silent local persistence can expose sensitive business research, user inputs, or collected competitor data to later reuse, leakage, or access by other processes.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script writes changes directly to the selector registry without any confirmation, backup, or atomic safety check at the write point. In an agent-driven workflow, this increases the risk of unintended or poisoned selector updates that silently alter future scraping behavior, especially because proposed selectors are derived from external page content and CLI input.

VirusTotal

VirusTotal findings are pending for this skill version.
