100Critical
The skill is vulnerable to prompt injection and shell
Behavior Analysis
Description verified — behavior matches claim
Claims to do
baidu-ecommerce-search: 百度电商一站式服务,覆盖商品知识查询和购物交易全流程。支持商品对比、品牌知识、品类选购指南、商品参数解读、品牌榜单及单品榜单等知识查询能力;同时提供商品搜索、规格查看、地址管理、下单购买、订单查询及售后服务等完整交易链路,帮助用户从决策到购买一步到位。
Actually does
This skill executes various `python3` scripts (`compare.py`, `knowledge.py`, `ranking.py`, `spu.py`, `order.py`, `after_service.py`, `address.py`, `cps.py`) to perform e-commerce functions. It requires a `BAIDU_EC_SEARCH_TOKEN` environment variable to interact with Baidu's e-commerce APIs, handling product searches, comparisons, knowledge queries, address management, order creation, and after-sales services. It also generates and uses URLs for product listings and order completion.
Skill Info
Namecrossallen/baidu-ecommerce-search
Registryclawhub
Version1.0.10
PURLpkg:clawhub/crossallen/baidu-ecommerce-search@1.0.10
Stars2
Downloads1,733
Installs9
Source
SHA-25669271ce5c03e...
SHA-1fdb8d917b9fb...
MD527448d075fde...
TLSH4af109aae85c...
ssdeep192:b8FlsbKs...
Size7,482 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install crossallen/baidu-ecommerce-searchAssessments (4)
AI Agent Traps ↗Prompt Injection Detectedcriticalprompt injection
DeBERTa classifier detected prompt injection (confidence: 0.96)
96% confidence
Command execution via Python scripts with user inputhighcommand execution
The skill executes local Python scripts (`scripts/*.py`) with user-provided input directly passed as arguments. This creates a significant risk of shell injection if the scripts do not properly sanitize input, potentially allowing arbitrary command execution on the host system.
90% confidenceline 40
python3 scripts/compare.py "<对比查询>"
Potential for malicious link injection in displayed contentmediumsocial engineering
The skill constructs clickable links (`[文本](URL)`) for product names and brands. If the backend API providing `spuUrl` or `brandLandingURL` is compromised or manipulated, it could lead to the display of phishing or malicious links to the user.
70% confidenceline 98
| 1 | [商品名称](spuUrl) |
Information hiding for UX consistencylowoversight evasion
The skill explicitly instructs not to mention source differences or platform switching to the user. While intended for a seamless user experience, this pattern could potentially obscure critical information from the user, affecting their informed decision-making.
60% confidenceline 87
全程不向用户提及来源差异或平台切换
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/crossallen/baidu-ecommerce-search)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/crossallen/baidu-ecommerce-search"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/crossallen/baidu-ecommerce-search.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/crossallen/baidu-ecommerce-search.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow