Back to skill

Security audit

Ecom Manager D2c

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it gives an agent broad power to change store, ad, pricing, content, and messaging systems without enough guardrails.

Install only with strict least-privilege API tokens and a read-only or report-only default. Require verified authorized users for chat commands, explicit human approval for price, inventory, discount, publishing, ad budget, campaign pause/scale, and customer-message actions, and use audit logs, spend/change limits, and compliant data-source rules before connecting live accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The command interface allows broad natural-language control of store operations without clearly defined trigger boundaries, allowed action classes, or explicit exclusions. In an ecommerce operations context, this increases the chance that ambiguous or manipulated user input could invoke sensitive actions such as pricing changes, campaign pauses, or competitor analysis without sufficient constraint or confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly enables users to trigger operational ecommerce and advertising actions through chat, including price changes, ad pausing, content publication, and inventory checks, but it does not define adequate safeguards for authentication strength, authorization scope, approval workflows, audit logging, or risk disclosures. In this context, natural-language chat becomes a high-risk control surface: ambiguous or spoofed messages could cause unauthorized budget changes, storefront modifications, or exposure of business-sensitive data.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The instruction that any commands received through chat must be converted into actionable tasks creates an overly broad trigger for executing tool actions from natural language. In a skill that has inventory, pricing, ad spend, content publishing, competitor scraping, and WhatsApp messaging capabilities, ambiguous chat parsing can cause unauthorized or unintended real-world changes from casual, spoofed, or prompt-injected input.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The toolset includes many high-impact write operations such as updating inventory, changing prices, publishing store content, changing ad budgets, pausing ad sets, and sending WhatsApp replies, but the file provides no warnings, approval flow, or safety constraints around their use. In an ecommerce operations context, these actions directly affect revenue, customer communications, brand reputation, and third-party accounts, so lack of guardrails materially increases the chance of abuse, operator error, or prompt-induced destructive actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The workflows use vague triggers such as 'Daily routine,' 'Every 24 hours,' and 'If SEO opportunity detected' without defining approval gates, scope limits, or operator confirmation. In an autonomous agent context, ambiguous activation criteria can cause unintended actions like unsolicited monitoring, price changes, ad interventions, or content generation, increasing the risk of unauthorized or harmful business operations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The ad optimization workflow includes state-changing actions such as 'Pause underperforming ads' and 'Scale winning campaigns' with no warning, approval step, spending limit, or rollback process. In a commerce setting, autonomous advertising changes can immediately affect revenue, budget consumption, campaign delivery, and account health, making this dangerous if triggered incorrectly or manipulated by bad inputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.