Back to skill

Security audit

Sellersprite Api

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned SellerSprite research skill, but users should understand that their research inputs may be sent to SellerSprite.

Install this if you intentionally want SellerSprite-backed Amazon research. Avoid entering confidential product plans, private ASIN lists, or sensitive market terms unless you are comfortable sharing them with SellerSprite through the configured API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad phrases like 'product research', 'market analysis', and 'keyword research', which can match many ordinary user requests and cause this skill to activate unexpectedly. Because the skill sends queries to an external API using a configured secret key, overbroad activation can result in unintended third-party data disclosure and unnecessary API usage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documentation describes commands and required secret-key configuration but does not clearly warn that user-supplied keywords, ASINs, and related research inputs will be transmitted to the external SellerSprite API. This can mislead users about where their data goes and increases the risk of unintentional sharing of business-sensitive research terms or identifiers with a third party.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.