星罗好货linkbot

Security checks across malware telemetry and agentic risk

Overview

This shopping skill's behaviour matches its description: it sends product searches or links, plus an optional affiliate API key, to an external service and returns prices, coupons, and purchase links.

Install it only if you are comfortable sending shopping keywords or product URLs to linkbot-api.linkstars.com. Set a dedicated LINKBOT_API_KEY if you want commissions attributed to you, and note that without a valid key the service states it may fall back to a default configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill declares only `requires: ["network"]`, but its metadata and usage show two further sensitive capabilities: it reads an environment variable (`LINKBOT_API_KEY`) and it runs local code through `python3`/shell install steps. Neither is declared, so a host or user relying on the declaration will underestimate what the skill can read and execute.
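A static check for the mismatch this finding describes, added here as an example; it is neither the skill's code nor SkillSpector's. It parses a declared `requires` list and the skill's Python source, maps API usage to capabilities, and reports every capability that is used but not declared. The manifest, the script and the capability-pattern table are constructed for the example and are assumptions about how such a skill is laid out; the real files will differ.

```python
"""Static capability audit for an agent skill (added example, not the
skill's code and not SkillSpector). MANIFEST, SCRIPT and CAPABILITY_PATTERNS
are constructed here to mirror the finding above."""
import ast
import re

# Constructed manifest: only "network" is declared, as in the finding.
MANIFEST = {"name": "linkbot", "requires": ["network"]}

# Constructed script (env read, install step, upload); not the skill's real source.
SCRIPT = '''
import os, subprocess
import urllib.request as ur
from os import environ

KEY = os.getenv("LINKBOT_API_KEY") or environ.get("LINKBOT_API_KEY")
subprocess.run(["python3", "-m", "pip", "install", "-r", "requirements.txt"])
ur.urlopen("https://linkbot-api.linkstars.com/search?q=phone")
'''

# Fully qualified name prefixes that imply a capability (assumed table; extend it).
CAPABILITY_PATTERNS = {
    "env": ("os.environ", "os.getenv"),
    "exec": ("subprocess", "os.system", "os.popen"),
    "network": ("urllib.request", "http.client", "requests", "socket"),
    "filesystem": ("os.listdir", "os.walk", "os.scandir", "glob", "shutil"),
}
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)


def _dotted(node):
    """'a.b.c' for a Name/Attribute chain, None if the base is not a plain name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class _Uses(ast.NodeVisitor):
    """Collects qualified names used and env-var names read, resolving import aliases."""

    def __init__(self):
        self.aliases = {}      # local name -> fully qualified module or attribute
        self.names = set()     # qualified names referenced in the source
        self.env_vars = set()  # string keys passed to os.environ.get / os.getenv

    def visit_Import(self, node):
        for a in node.names:
            top = a.name.split(".")[0]
            self.aliases[a.asname or top] = a.name if a.asname else top

    def visit_ImportFrom(self, node):
        if node.module:  # skip relative "from . import x"
            for a in node.names:
                self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def _qualify(self, node):
        name = _dotted(node)
        if name is None:
            return None
        head, dot, rest = name.partition(".")
        return self.aliases.get(head, head) + dot + rest

    def visit_Attribute(self, node):
        qual = self._qualify(node)
        if qual is None:            # e.g. foo().bar: keep walking into the call
            self.generic_visit(node)
        else:                       # record the outermost chain only
            self.names.add(qual)

    def visit_Name(self, node):
        self.names.add(self._qualify(node))

    def visit_Call(self, node):
        if (self._qualify(node.func) in ("os.environ.get", "os.getenv")
                and node.args and isinstance(node.args[0], ast.Constant)):
            self.env_vars.add(node.args[0].value)
        self.generic_visit(node)


def audit(manifest: dict, source: str) -> dict:
    """Compare declared capabilities with those the source actually exercises."""
    uses = _Uses()
    uses.visit(ast.parse(source))
    used = {}
    for qual in uses.names:
        for cap, prefixes in CAPABILITY_PATTERNS.items():
            if any(qual == p or qual.startswith(p + ".") for p in prefixes):
                used.setdefault(cap, set()).add(qual)
    declared = set(manifest.get("requires", []))
    return {
        "used": {cap: sorted(n) for cap, n in used.items()},
        "undeclared": sorted(cap for cap in used if cap not in declared),
        "secret_env_vars": sorted(v for v in uses.env_vars if SECRET_NAME.search(v)),
    }
```

Run `audit(MANIFEST, SCRIPT)` and the report lists `env` and `exec` as undeclared while `network` is accepted, and names `LINKBOT_API_KEY` as a secret-looking variable the code reads. The visitor records only the outermost attribute chain, so `subprocess.run` is reported once rather than as `subprocess` plus `subprocess.run`; aliasing through `import ... as` and `from ... import` is resolved before matching, which is what defeats the simplest evasion of a grep-based check.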

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script sends user-provided search terms or product URLs, together with the API key, to a third-party service with no user-facing notice or consent step. For a shopping assistant this network transmission is expected, but without disclosure sensitive user input and affiliate credentials reach an external operator without the user's awareness.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The code silently reads LINKBOT_API_KEY from the environment and attaches it to external requests, with no disclosure at run time. By itself this is neither code execution nor a direct secret leak, but it is a transparency and secret-handling risk: users may not realise an external credential is being used on their behalf.
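The two "Missing User Warnings" findings describe the same gap: data and a credential leave the machine with nothing telling the user. The wrapper below, added here as an example and not the skill's code, shows the silent shape beside a hardened one that fails closed when the key is unset, states exactly what will be sent and under which key (by fingerprint, never the key itself), and sends only after a consent hook agrees. Only the host name and the LINKBOT_API_KEY variable come from the listing; the endpoint path, request shape, header format and consent callback are assumptions, and the transport is injected so the example runs offline.

```python
"""Explicit-disclosure wrapper for an outbound affiliate call (added example,
not the skill's code). Endpoint path, request shape, header and consent hook
are assumptions; only the host and LINKBOT_API_KEY come from the listing."""
import hashlib
from typing import Callable, Mapping, Optional

LINKBOT_HOST = "linkbot-api.linkstars.com"     # from the listing
KEY_VAR = "LINKBOT_API_KEY"                    # from the listing
SEARCH_URL = f"https://{LINKBOT_HOST}/search"  # assumed path

Transport = Callable[[str, dict, dict], dict]  # (url, params, headers) -> response


class MissingCredential(Exception):
    pass


class ConsentDenied(Exception):
    pass


def search_silent(query: str, env: Mapping[str, str], transport: Transport) -> dict:
    """The pattern the findings describe: key read and query sent with no notice.
    With the variable unset this even sends the literal 'Bearer None'."""
    return transport(SEARCH_URL, {"q": query},
                     {"Authorization": f"Bearer {env.get(KEY_VAR)}"})


def key_fingerprint(key: str) -> str:
    """12 hex chars of SHA-256: identifies which key is in use without revealing it."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def build_disclosure(query: str, key: Optional[str]) -> str:
    """Human-readable statement of exactly what leaves the machine and under which key."""
    credential = (f"affiliate key (fingerprint {key_fingerprint(key)})" if key
                  else "NO affiliate key; the service may apply its default configuration")
    return f"Sending search text {query!r} to {SEARCH_URL} with {credential}."


def search(query: str, env: Mapping[str, str], transport: Transport,
           consent: Callable[[str], bool], allow_default_key: bool = False) -> dict:
    """Hardened shape: fail closed on a missing key, disclose, then send."""
    key = env.get(KEY_VAR)
    if not key and not allow_default_key:
        raise MissingCredential(f"{KEY_VAR} is unset; not letting the service substitute a default")
    notice = build_disclosure(query, key)
    if not consent(notice):
        raise ConsentDenied(notice)
    headers = {"Authorization": f"Bearer {key}"} if key else {}
    return transport(SEARCH_URL, {"q": query}, headers)
```

In an agent host the `consent` callback is where the disclosure string is surfaced to the user (or logged and auto-approved under a policy); the fingerprint lets an operator confirm which affiliate key a session used without the key ever appearing in a transcript or log.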

VirusTotal

59 of 59 vendors report this skill as clean; no vendor flagged it.

View on VirusTotal