ClawHub

购物省钱宝 - 淘宝/京东/拼多多优惠查询、商品比价、链接转链

Security checks across malware telemetry and agentic risk

Overview

This shopping skill sends shopping searches, product links, and share codes to a disclosed coupon API, with no evidence of credential access, persistence, destructive behavior, or hidden data harvesting.

Install only if you are comfortable sending shopping searches, product links, and platform share codes to op.squirrel2.cn. Avoid pasting links or messages that contain account details or private personal information. The skill also performs a disclosed daily update check to clawhub.ai unless disabled with PRICECOMPARE_NO_VERSION_CHECK=1.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The skill performs an additional outbound network request to a third-party version-check endpoint that is not part of the core shopping functions and is not disclosed in this file. Even though the data sent appears limited, this creates hidden network behavior, expands the trust boundary, and can leak usage patterns such as when the skill is invoked.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The wrapper function claims to only wrap call_api, but it also performs a hidden side effect by invoking the version check first. This is risky because callers may believe they are only making the documented business API call, while the function actually triggers unrelated outbound communication.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises automatic link conversion and API-backed processing but does not disclose that user-supplied shopping queries, product URLs, or share links may be sent to an external service. This creates a privacy and transparency issue because users may unknowingly expose shopping behavior, referral identifiers, or third-party link metadata to a remote host over plain HTTP.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation says the skill parses platform share codes and links, but it does not warn that those artifacts can contain referral, account-association, or behavioral data that will be processed externally. In this shopping-assistant context, the omission is more concerning because the core workflow encourages users to paste third-party promotional content that may reveal sensitive consumer activity.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The version-check request sends network activity to an external service without visible disclosure in this file, which can reveal that the skill is installed or being used in a given environment. While the transmitted data is likely minimal, undisclosed telemetry-like behavior is still a privacy and trust concern.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The parse_share_content path sends raw user-provided content to a remote API endpoint, and this file does not show any disclosure, minimization, or consent mechanism. Because share content may contain links, promo codes, embedded identifiers, or other sensitive text, this can expose user data to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal