TangleClaw eBay Research
Security checks across malware telemetry and agentic risk
Overview
This plugin appears to be a disclosed, read-only eBay research integration that uses eBay app credentials to query listings, categories, and optional sold-history data.
Install only if you are comfortable providing an eBay developer app client ID and cert ID. Keep the credentials file restricted, review whether you want production or sandbox mode, and enable Marketplace Insights only after eBay grants that access. VirusTotal and SkillSpector were clean, and the artifact behavior is coherent with the stated read-only research purpose.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this plugin as clean.