Back to skill

Security audit

Amazon Search Listing

Security checks across malware telemetry and agentic risk

Overview

The skill mainly extracts visible Amazon listing data, but it also gives agents anti-detection scraping guidance that users should review before installing.

Install only if you are comfortable with an Amazon scraping skill that may automate multiple pages and create local output files. Avoid using the stealth-session, fingerprint-variation, or proxy-sharding guidance unless you have confirmed the activity is authorized and compliant with applicable site terms and policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill documentation goes beyond ordinary listing extraction and explicitly instructs operators to use stealth browser sessions, fingerprint variation, and proxy sharding to increase throughput while avoiding Amazon rate limits. That materially expands the capability from benign page reading into anti-detection scraping behavior, creating misuse risk and bypass-oriented guidance not disclosed in the skill metadata.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The instructions directly advise evading platform protections through stealth sessions, different fingerprints, and proxy IP sharding. Even if framed as throughput optimization, this is operational guidance for circumventing anti-abuse controls, which increases the likelihood of unauthorized large-scale scraping and account or network abuse.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The activation text is extremely broad and includes many generic Amazon-related phrases, which can cause the skill to trigger for requests that are not specifically asking for search listing extraction. Over-broad invocation increases the chance that scraping behavior is applied unexpectedly or in contexts the user did not intend, especially given the skill's multi-page automation features.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill instructs the agent to write bash scripts and persist page-level JSON outputs without clearly requiring user consent or warning that local files will be created. This can lead to unexpected modification of the working directory, accidental retention of scraped data, and reduced transparency about side effects during execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.