Security audit
Buy Coffee
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed coffee-shopping helper that can find merchants and prepare Shopify carts, but it does not contain executable code or attempt payment itself.
Install this if you are comfortable with coffee-shopping queries, cart details, and preference information being used with Lobster Brew and the selected merchant's Shopify MCP service. Review products, quantities, subscription cadence, prices, and checkout terms before paying, and clear agent memory if you do not want coffee preferences or prior purchases retained.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
45/45 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
