Back to skill

Security audit

Ebay Sold Listings Search

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it also tells agents to use stealth browsers, proxies, and IP changes to keep scraping when eBay blocks access.

Install only if you are comfortable with an agent browsing eBay, collecting sold-listing data, and writing local result files. Avoid using the stealth browser, proxy, IP-switching, or distributed scraping guidance; stop instead when eBay shows challenges, rate limits, or regional refusal pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill clearly performs network-capable browser automation and scraping, yet the metadata does not declare permissions or otherwise warn that external network access is required. This creates a transparency and governance gap: an agent or reviewer may authorize the skill under incomplete assumptions, increasing the risk of unintended browsing, scraping, or policy violations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill advises switching to stealth browsers and different IPs when blocked, which is effectively guidance for circumventing anti-bot and regional access controls. In context, that materially increases abuse potential by helping an agent persist through defensive measures rather than failing safely when scraping is challenged.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation claims the skill does not bypass access controls, but elsewhere recommends stealth/proxy tactics to get past challenge pages and regional refusal behavior. That contradiction is dangerous because it downplays the true operational risk and can mislead reviewers or agents into treating access-control circumvention as acceptable.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The recommendation to distribute scraping across multiple stealth browsers with independent fingerprints/proxies operationalizes large-scale evasion and throughput scaling. That goes beyond ordinary user-assistance scraping and enables more resilient, harder-to-detect bulk collection against a target site's defenses.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation text is broad enough to trigger on generic appraisal, pricing, or market-research requests that do not explicitly ask for eBay sold-listing scraping. That increases the chance of unexpected tool use, causing the agent to browse/scrape external sites when the user may have intended a higher-level analysis or a different data source.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs persisting collected results to disk to survive interruptions, but it does not clearly disclose this local storage behavior to the user. Silent persistence can retain search terms and scraped marketplace data longer than expected, creating privacy, retention, and workspace contamination risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill tells the agent to append execution notes to a memory file without a clear upfront warning that local files may be modified. Even if it avoids recording keywords, unsignaled file writes can leak operational context, create persistent state across runs, and surprise users who expected a read-only skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.