Back to skill

Security audit

Amazon Product Detail

Security checks across malware telemetry and agentic risk

Overview

The skill is a functional Amazon product scraper, but it includes guidance for proxies, stealth sessions, and CAPTCHA retry behavior that goes beyond simple user-visible page extraction.

Review before installing if you do not want agents to perform scaled Amazon scraping or use proxy/stealth techniques. The extraction script itself appears limited to the current page DOM, but the operating instructions encourage behavior that may violate site rules or trigger anti-bot systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly recommends multi-session stealth sessions, proxies, sharding, and delay tuning to reduce anti-scraping pressure. That goes beyond ordinary browser automation and materially facilitates evasion of site defenses, making the skill usable for scaled scraping activity that may violate platform controls and increase abuse potential.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill states an operational boundary of only reading data already visible to the user, but later instructs operators to use proxies and multiple stealth sessions to fetch localized values and scale extraction. This contradiction is risky because it downplays the true capability while embedding guidance for broader collection and defense evasion, which can mislead reviewers and encourage misuse.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.