Back to skill

Security audit

AfterShip Tracking & Returns

Security checks across malware telemetry and agentic risk

Overview

This appears to be a read-only AfterShip tracking integration, with the main privacy consideration that tracking numbers or store domains may be sent to AfterShip when used.

Install only if you are comfortable with shipment identifiers, carrier names, shipment questions, and merchant store domains being handled by AfterShip's remote service. Disable or avoid the skill for sensitive shipments, confidential merchant domains, or cases where broad shipment phrases should not trigger live tracking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill advertises automatic triggering for broad shipment-related queries, which can cause an agent to send user-supplied tracking numbers or shipment context to a remote AfterShip service without sufficiently explicit user intent. In a chat setting, this increases the chance of unintended third-party disclosure of package metadata and creates overcollection risk from ambiguous phrases like 'where is my package' or 'has it shipped'.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not provide a clear user-facing notice that tracking numbers and store domains will be transmitted to a remote AfterShip endpoint. Even if the service is read-only, tracking numbers and store domains can still be sensitive business or personal data, so silent transmission to a third party undermines informed consent and privacy expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.