Ecommerce Return Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a local e-commerce return analysis skill that reads a user-chosen input file and can write a report, with broader audit helper code present but inactive in the packaged configuration.

Install only if you are comfortable running a local Python helper on files you choose. Use it for return-analysis CSV/TSV data, and choose the output path carefully. Do not modify its spec to scan unrelated private directories unless you intend that. Mask or remove customer personal information before analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises shell execution via `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>` and also implies reading local resources and writing outputs, but it does not declare corresponding permissions. That mismatch is dangerous because reviewers and runtime policy systems may underestimate the skill's real capabilities, allowing file access or command execution without clear user visibility or enforcement.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding:
A substantial description-behavior mismatch is a real security concern because a skill presented as ecommerce returns analysis may actually perform generic local scanning, content inspection, and audit/reporting against arbitrary paths and files. This broadens the trust boundary: users may provide access expecting domain-specific classification, while the implementation can inspect unrelated local content, including potentially sensitive data or secrets.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding:
The script’s main dispatch logic supports multiple generic audit modes such as directory, CSV, pattern, and skill-package analysis, which materially exceeds the declared purpose of ecommerce return-reason analysis. This scope mismatch creates unnecessary access to arbitrary local content and can be repurposed to inspect unrelated files, increasing data exposure risk and violating least-privilege expectations for the skill.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The built-in pattern scanner searches arbitrary files for secrets, private URLs, and shell-execution indicators, which is unrelated to analyzing ecommerce returns. In this skill context, that functionality acts as a generic local inspection capability that can expose sensitive configuration data or internal infrastructure references from user-provided paths.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The directory and package audit functions enumerate arbitrary local files, inspect Markdown headings, and summarize file structures without a business need tied to return intelligence. Even without exfiltration, this broad file inspection can reveal sensitive filenames, document titles, and repository contents to whoever invokes the tool or receives its output.

VirusTotal

64/64 vendors flagged this skill as clean.
