Security audit

Grocery Shopping Kroger

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Kroger shopping skill with coherent features, but it can use location data and change a live Kroger cart without clearly documented confirmation boundaries.

Review before installing. Use it only if you are comfortable with the agent using your location-derived zip code for store lookup and changing your Kroger cart. Before any cart update, ask the agent to show the exact items, quantities, store, and account action, then confirm only after reviewing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill advertises broad activation phrases such as 'add to cart' and other generic grocery-shopping intents that can match ordinary conversation, increasing the chance of unintended invocation. In this skill, unintended activation is more serious because the tool can use injected location data and perform live account-affecting actions like adding items to a Kroger cart.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill states that user location is injected automatically and supports adding items to a live Kroger cart, but it does not prominently require user awareness or consent before these privacy- and account-impacting actions occur. That creates a risk of silent location use and unintended modification of a connected retail account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The schema states that user location in the form of zip code is injected automatically, but it does not clearly warn that location-derived personal data will be used as part of the action. Silent use of location information can surprise users and enable privacy-invasive behavior by downstream agents that invoke the tool without obtaining informed consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The add_to_cart action modifies the user's Kroger account state by adding items to their cart, but the schema does not include a clear warning that invoking this tool will change account data or potentially prepare purchases. In an agent setting, this increases the risk of unintended cart manipulation, deceptive upselling, or unauthorized account actions if the user has not explicitly confirmed the operation.

VirusTotal

63/63 vendors flagged this skill as clean.