Skill Dropshipping Fulfillment

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real dropshipping automation skill, but it needs review because it can place supplier orders and make broad WooCommerce catalog changes using stored credentials.

Install only if you intend to give this skill authority over your WooCommerce store and CJ Dropshipping account. Use least-privileged API keys, keep credential JSON files outside the repo with restricted file permissions, run dry-run first, prefer single-order fulfillment when testing, and treat rebuild-mapping.js as a live catalog-mutation tool rather than a harmless report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill is presented as an order-fulfillment automation, but the documented behavior also includes broader catalog synchronization actions such as rebuilding mappings, querying product catalogs, and potentially backfilling missing SKUs on WooCommerce products and variations. That mismatch is dangerous because operators may grant credentials and run the skill expecting order-only effects, while it can also modify product catalog data and rewrite mapping files, increasing the chance of unintended data changes or over-privileged execution.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding: This script performs catalog-maintenance actions outside the narrowly described fulfillment flow: it backfills WooCommerce product and variation SKUs and generates a persistent supplier-selection mapping file. Those write operations touch published catalog data at scale, so if run with production credentials they can unintentionally alter storefront inventory metadata or create incorrect supplier mappings that affect downstream order routing.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The script enumerates all published WooCommerce products and can rewrite product or variation records in bulk, which exceeds what is necessary to submit processing orders to CJ Dropshipping. In this skill context, broad catalog read/write access increases blast radius: a bad match algorithm, stale CJ data, or accidental execution could mass-modify SKUs across the store and disrupt fulfillment, inventory sync, or product integrity.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The code persists a CJ API access token in a local JSON config file on disk without any protections, rotation handling beyond expiry, or safeguards around file permissions. If the host is multi-user, the workspace is backed up, or the file is accidentally committed, an attacker who obtains the file can reuse the token to access the CJ account and act on behalf of the integration until expiration.

VirusTotal

66/66 vendors flagged this skill as clean.