Back to skill

Security audit

Ebay Search Listing

Security checks across malware telemetry and agentic risk

Overview

This skill mostly extracts public eBay listing data, but its instructions also encourage anti-bot evasion through captcha escalation and multiple stealth browser sessions.

Review before installing if you intend to use it at scale. The extraction script itself appears limited to reading visible eBay listing fields, but the operating instructions encourage working around anti-bot friction. Use only where you have permission, avoid stealth or captcha-bypass workflows, set explicit item/page caps, and clean up any saved result or memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly advises anti-detection behavior such as keeping traffic patterns 'natural' and using multiple stealth browser sessions with independent fingerprints to distribute work. That goes beyond simple extraction of visible page content and materially enables evasion of platform anti-bot controls, increasing the likelihood of abusive large-scale scraping and policy circumvention.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill claims it only reads on-screen data and never bypasses access controls, yet later instructs captcha escalation, remote assistance, and stealth scaling across multiple browser fingerprints. This contradiction is dangerous because it masks more aggressive scraping behavior behind reassuring language, making misuse easier and reducing operator caution about crossing anti-bot boundaries.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill recommends saving page-by-page results to local files without clearly warning the user that data will be persisted on disk. This can create unintended local retention of scraped marketplace data, exposing sensitive work product, query history, or regulated datasets to later access by other tools or users on the same system.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The experience-notes workflow instructs the skill to read from and append to a local memory file automatically, without a clear user-facing notice or consent. Undisclosed local file access is risky because it creates a covert persistence channel across runs, can leak prior operational context, and may accumulate sensitive information or anti-detection tactics over time.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.