Back to skill

Security audit

Rakuten Shop Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Rakuten shop analysis wrapper that sends a user-provided shop URL or shop code to its hosted backend and returns structured results.

Use this only for Rakuten shop URLs or shopCodes you are comfortable sending to the hosted service at rakuten.845817074.xyz. Do not include unrelated confidential information in the prompt, and verify the publisher or repository if you require stronger provenance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends the user-supplied `shopInput` to an external API endpoint on a third-party domain (`https://rakuten.845817074.xyz`) without any visible disclosure, consent prompt, or data-handling notice. Even if the expected input is only a shop URL or shop code, users may provide broader business-sensitive URLs or identifiers, and the code transmits them off-platform automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.