Security audit

Amazon Opportunity Discoverer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent APIClaw-backed Amazon product research skill, but users should know their product queries and business criteria are sent to APIClaw and may consume API credits.

Install only if you are comfortable sharing Amazon research keywords, ASINs, categories, filters, budget or seller-profile context with APIClaw. Prefer a dedicated APIClaw key in APICLAW_API_KEY, monitor credit usage, and avoid storing API keys in shared config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill declares no permissions while its documented behavior and referenced script imply access to environment secrets, local files, and outbound network calls. This creates a transparency and governance problem: users and platforms may authorize or invoke the skill without understanding it can read `APICLAW_API_KEY`, access reference files, and contact external services.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The skill description materially understates and misrepresents the available functionality, including additional research, monitoring, listing audit, direct endpoint access, and self-check commands. This is dangerous because reviewers and users may approve or invoke the skill for a narrow 'opportunity scanner' use case while the underlying tool exposes broader data access and actions than expected, defeating informed consent and security review.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The invocation text uses broad phrases like 'what should I sell' and 'product ideas', which can cause the skill to activate in loosely related conversations. In a skill with network access and API-key-backed external calls, overbroad triggering raises the risk of unintended execution, unnecessary third-party data sharing, and surprise credit consumption.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The skill silently reads credentials from a local config file in the skill directory, creating hidden credential-access behavior beyond the advertised environment variable path. In an agent/skill setting, undeclared secret sourcing increases the chance that users unknowingly expose API keys through bundled files, copied repos, or shared workspaces.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The code sends user-provided keywords, categories, ASINs, and derived metadata to a third-party service, but the call site provides no runtime disclosure or consent boundary. In a skill environment this matters because product research queries may reveal commercial intent, tracked products, or competitive strategy to an external provider.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding: The self-check command silently reads an API key from ~/.apiclaw/config.json, which expands credential access beyond what users may expect from a diagnostic command. Hidden secret discovery in home-directory files is risky in shared or automated environments because it normalizes broad secret scraping behavior and may surprise users during review.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.