The skill is vulnerable to prompt injection and shell
Claims to do
baidu-ecommerce-search: A one-stop Baidu e-commerce service covering product knowledge queries and the full shopping transaction flow. Supports knowledge queries such as product comparison, brand knowledge, category buying guides, product parameter interpretation, brand rankings and single-product rankings; it also provides the complete transaction chain of product search, specification viewing, address management, order placement, order lookup and after-sales service, taking users from decision to purchase in one step.
Actually does
This skill executes various `python3` scripts (`compare.py`, `knowledge.py`, `ranking.py`, `spu.py`, `order.py`, `after_service.py`, `address.py`, `cps.py`) to perform e-commerce functions. It requires a `BAIDU_EC_SEARCH_TOKEN` environment variable to interact with Baidu's e-commerce APIs, handling product searches, comparisons, knowledge queries, address management, order creation, and after-sales services. It also generates and uses URLs for product listings and order completion.
`openclaw skills install crossallen/baidu-ecommerce-search`
DeBERTa classifier detected prompt injection (confidence: 0.96)
The skill executes local Python scripts (`scripts/*.py`) with user-provided input directly passed as arguments. This creates a significant risk of shell injection if the scripts do not properly sanitize input, potentially allowing arbitrary command execution on the host system.
`python3 scripts/compare.py "<对比查询>"`
The skill constructs clickable links (`[文本](URL)`) for product names and brands. If the backend API providing `spuUrl` or `brandLandingURL` is compromised or manipulated, it could lead to the display of phishing or malicious links to the user.
`| 1 | [商品名称](spuUrl) |`
The skill explicitly instructs not to mention source differences or platform switching to the user. While intended for a seamless user experience, this pattern could potentially obscure critical information from the user, affecting their informed decision-making.
"Never mention source differences or platform switching to the user at any point."
Source: https://mondoo.com/ai-agent-security/skills/clawhub/crossallen/baidu-ecommerce-search