Back to skill

Security audit

Buy Coffee

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed coffee-shopping helper that can find merchants and prepare Shopify carts, but it does not contain executable code or attempt payment itself.

Install this if you are comfortable with coffee-shopping queries, cart details, and preference information being used with Lobster Brew and the selected merchant's Shopify MCP service. Review products, quantities, subscription cadence, prices, and checkout terms before paying, and clear agent memory if you do not want coffee preferences or prior purchases retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.