Back to skill

Security audit

ozon-product-selection

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Ozon product-sourcing helper that uses AlphaShop/1688 APIs and API keys, with no evidence of hidden persistence, destructive behavior, or data exfiltration.

Install only if you intend to use AlphaShop/1688 for Ozon product sourcing. Configure API keys through the platform environment or a secrets manager, do not paste real keys into shared chats or commit them, monitor AlphaShop quota/billing because searches may consume credits, and prefer a controlled environment with pinned, current dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs use of environment variables containing API credentials and external web/API access, but no explicit permissions are declared. That creates a transparency and consent gap: a host or reviewer may not realize the skill can read secrets and make network requests, increasing the chance of unintended secret exposure or unauthorized outbound calls. In this context, the risk is real because the workflow explicitly depends on `ALPHASHOP_ACCESS_KEY`/`ALPHASHOP_SECRET_KEY` and web/API queries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior materially differs from what the skill actually appears to do: it claims Ozon trend analysis but instead relies on AlphaShop/1688 product lookup and also derives resale pricing from SKU data. Behavior mismatches are dangerous because they undermine informed consent, can cause users to authorize broader data access than expected, and make security review less reliable. Here the mismatch is amplified by direct use of third-party authenticated APIs and undocumented processing of detailed SKU/pricing information.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.20.0
PyJWT>=2.0.0
Confidence
94% confidence
Finding
requests>=2.20.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.20.0
PyJWT>=2.0.0
Confidence
94% confidence
Finding
PyJWT>=2.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

Known Vulnerable Dependency: PyJWT — 8 advisory(ies): CVE-2026-32597 (PyJWT accepts unknown `crit` header extensions); CVE-2024-53861 (PyJWT Issuer field partial matches allowed); CVE-2022-29217 (Key confusion through non-blocklisted public key formats) +5 more

High
Category
Supply Chain
Confidence
91% confidence
Finding
PyJWT

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.