Back to skill

Security audit

Admapix Ice

Security checks across malware telemetry and agentic risk

Overview

The skill’s ad analytics purpose is coherent, but its deep research mode sends the user’s AdMapix API key and query context to a separate service without clear user-facing disclosure or consent.

Review before installing. Basic AdMapix queries appear purpose-aligned, but deep research may send your API key, prompt, and business context to deepresearch.admapix.com. Use a scoped or easily revocable key, avoid sensitive context, and seek publisher clarification on key handling, retention, and consent for deep research mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill explicitly instructs forwarding the user's AdMapix API key to a secondary service at deepresearch.admapix.com, which is outside the manifest's stated api.admapix.com scope. This expands credential exposure and trust boundaries without clear necessity, consent, or minimization, creating a real risk of key misuse, retention, or compromise.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README presents many natural-language example phrases that are also listed as triggers, including broad terms like ad analysis, market analysis, revenue, and competitor analysis. If the platform maps these loosely, normal user conversation can unintentionally invoke the skill, causing unexpected external API calls and disclosure of user prompts or context to the AdMapix service.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions send the user's API key to an external deep-research service without a clear user-facing warning or opt-in. That means sensitive credentials are shared beyond the primary API context invisibly, which violates least privilege and can lead to unauthorized reuse or broader compromise if the secondary service is breached.

Ssd 3

High
Confidence
100% confidence
Finding
This is a direct secret-handling flaw: the user's API key is embedded into a request body sent to another service. Forwarding long-lived credentials to secondary systems materially increases the attack surface, logging exposure risk, and blast radius if that system or its telemetry is compromised.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.