翱象发品
Security checks across malware telemetry and agentic risk
Overview
This skill documents bulk creation of live merchant products, but the reviewed package lacks the referenced implementation files and does not define clear safeguards before changing store data.
Review before installing or using with a real merchant account. Ask the publisher for the missing implementation files, verify the endpoint and signing logic, use least-privilege credentials, and require a SKU/price preview plus explicit confirmation before any batch publish action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.