Competitor Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed competitor price monitor that fetches product prices, saves local history, and can send user-configured alerts.

Install only if you are comfortable with monitored product names, prices, and price-change alerts being stored locally and sent to any webhook you enable. Use trusted HTTPS webhook URLs, keep webhook secrets private, and verify important pricing data against the source platform before making business decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises and documents capabilities that imply file read/write and outbound network access, but it does not declare any permissions in metadata. This creates a transparency and least-privilege problem: users and hosting platforms cannot accurately assess what the skill will access, and undocumented network/file capabilities can be abused if the implementation differs from expectations.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The declared purpose focuses on competitor price monitoring, but the documented behavior also includes sending data to WeCom/DingTalk webhooks and writing historical data, alerts, and reports to local files. That mismatch is security-relevant because it hides data flows and persistence behavior from users, which can lead to unintended exfiltration of monitored data or sensitive business intelligence to external endpoints.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding:
The script persistently writes price history to local disk without disclosure, retention controls, or filename sanitization. While the stored content is not highly sensitive by itself, silent file creation can surprise users and leak monitored business intelligence to other local users or processes, and the unsanitized `product_name` in the filename could enable path traversal or arbitrary file overwrite if configuration is attacker-controlled.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
Saving generated alerts to Markdown files without disclosure creates persistent artifacts the user was not told about and reuses unsanitized product-derived filenames. If an attacker can influence product names through configuration, this can become arbitrary file creation or overwrite outside the output directory via path traversal, and the saved alerts may expose sensitive competitive-monitoring data on disk.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The script sends monitored product names, pricing, and stock status to external WeChat/DingTalk webhook endpoints with no runtime disclosure, consent prompt, or destination validation. In a business context this can leak commercially sensitive competitive intelligence to third-party services or to attacker-controlled webhook URLs if configuration is tampered with.

VirusTotal

66/66 vendors flagged this skill as clean.
