Back to skill

Security audit

Etsy Keyword Search

Security checks across malware telemetry and agentic risk

Overview

This Etsy scraping skill is not malware, but it needs review because it includes anti-bot evasion guidance and persistent bulk-scraping workflows beyond a simple visible-page extractor.

Install only if you intentionally want browser-based Etsy scraping and are comfortable managing platform terms, rate limits, and local output files. Avoid using the stealth, proxy, or fingerprint-rotation guidance to bypass anti-bot blocks; if Etsy presents verification, stop rather than escalating automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose and actual operational instructions diverge in ways that materially affect risk: the skill can be used on broader Etsy page types, exposes extra collection behavior, and includes anti-bot detection/evasion handling not reflected in the description. That mismatch can cause operators or downstream policy systems to underestimate what the skill does and approve use under false assumptions, especially for scraping and anti-bot-sensitive contexts.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly recommends stealth browser sessions, proxy rotation, and human-mimicking delays to reduce detection by Etsy's anti-bot systems. Those are evasion tactics, not mere extraction instructions, and they increase the likelihood the skill will be used to circumvent platform protections and scrape at scale in ways the target is trying to prevent.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The operational-boundary section claims the skill only reads what is already visible and never bypasses access controls, but elsewhere the file recommends anti-bot evasion measures. This contradiction is dangerous because it can mask risky behavior behind reassuring language, reducing scrutiny and making unsafe scraping practices appear policy-compliant.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation text is broad enough to activate on generic market-research or supplier-discovery requests, which can cause the skill to run in contexts broader than explicit Etsy keyword search. Overbroad triggering increases the chance of unintended scraping, unnecessary data collection, or use in situations where the user did not specifically request this site-specific automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill tells the agent to save per-page scraped results to local files without clearly warning the user that files will be created. Undisclosed local persistence can surprise users, leak sensitive business queries or collected data into the filesystem, and create retention issues on shared or managed environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs writing execution notes to a persistent memory file without a clear user-facing warning or consent flow. Even though it says not to record keywords or counts, persistent notes can still reveal operational details, environment behavior, or future-use metadata that users may not expect to be stored locally.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.