Gumroad Admin

Security checks across malware telemetry and agentic risk

Overview

This is a simple Gumroad administration instruction skill whose sensitive access is disclosed and aligned with managing a store.

Use this only with a Gumroad token you are comfortable granting to a store-administration CLI. Verify which gumroad-admin executable is installed before setting the token, and manually confirm product ID, discount code, amount, and discount type before running any discount creation command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill exposes a state-changing administrative command that creates discounts, but it does not clearly warn users that this action modifies live store configuration. In an agent-driven context, omission of such warnings can lead to accidental execution, unauthorized discount creation, or business-impacting changes if the tool is invoked without explicit confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal