淘宝图片搜索技能

Name: taobao-image-search
Author: lazygunner

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection and persistently stores sensitive user credentials locally, risking exfiltration by other processes.

ThreatsCI SM CS BC S HITL

incomplete

Behavior Analysis

Description verified — behavior matches claim

Claims to do

淘宝图片搜索技能: - 优先执行脚本：`run-taobao-task.js`。 - 脚本失败、登录超时或页面结构变化时，回退 `browser` 工具。 - 默认不下单、不支付；仅搜索与加购。

Actually does

This skill installs Playwright and Chromium, then executes a Node.js script (`run-taobao-task.js`) to automate image search and add-to-cart actions on `https://www.taobao.com`. It handles automatic login, uploads images, navigates product pages, and adds items to the cart, persisting browser sessions (including sensitive login tokens) locally. If the script fails, it falls back to a `browser` tool for manual interaction.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namelazygunner/taobao-image-search

Registryclawhub

Version1.1.3

PURLpkg:clawhub/lazygunner/taobao-image-search@1.1.3

Stars4

Downloads1,423

Installs4

Source

Repository ↗

SHA-256326ef76e6b14...

SHA-18cf3417cca6b...

MD56ca081a914ed...

TLSH1e81d92e8546...

Size3,870 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/lazygunner/taobao-image-search

1,423 downloads4 installs

ClawHubDocs

openclaw skills install lazygunner/taobao-image-search

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.96)

96% confidence

Storage of Sensitive User Credentialshighhardcoded secrets

The skill explicitly stores sensitive user credentials (Taobao login tokens, cookies, storage state) in local files (`taobao-storage-state.json`, `.pw-user-data-taobao/`). While a warning is provided, this creates a persistent artifact that could be targeted by other malicious processes or exfiltrated if the skill's script were compromised.

100% confidenceline 68

这些文件包含您的淘宝登录令牌，请务必将其视为敏感凭据，严禁上传或分享。

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/lazygunner/taobao-image-search.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/lazygunner/taobao-image-search)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/lazygunner/taobao-image-search"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/lazygunner/taobao-image-search.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/lazygunner/taobao-image-search.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow