Competitor Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent competitor-monitoring guide with disclosed basic tooling and no evidence of hidden code, credential access, exfiltration, or destructive behavior.

Install in an isolated Python environment if dependencies are used, and only monitor data you are allowed to collect. Confirm each ecommerce platform's terms, robots or anti-bot restrictions, and privacy obligations before scraping or storing reviews, sales estimates, inventory, or ranking data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly promotes broad competitor monitoring across multiple e-commerce platforms, including tracking prices, sales estimates, reviews, inventory, rankings, and promotions, but it provides no guidance on lawful collection, platform Terms of Service, anti-scraping restrictions, or privacy/data-handling boundaries. In this context, the omission is risky because it normalizes potentially unauthorized data collection and surveillance-style monitoring workflows that could lead users to violate platform rules or process sensitive third-party data improperly.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal