Back to skill

Security audit

Taobao Product Reviews

Security checks across malware telemetry and agentic risk

Overview

This skill automates viewing and extracting Taobao/Tmall review data already available in a logged-in browser, with only limited local operational notes.

Install only if you are comfortable running browser automation in a logged-in Taobao session. Review the local memory path if you do not want operational notes retained, and be mindful that extracted reviews and photos may include user-generated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The skill instructs the agent to read and append to a persistent local memory file that is not necessary for the core task of extracting Taobao reviews. Even though the content appears operational, this creates an unnecessary side channel for storing session-derived data and can lead to cross-task data leakage, unintended retention of sensitive browsing context, or abuse by a modified skill to persist arbitrary information.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The skill claims its boundary is limited to reading data shown in the browser, but later directs the agent to write execution notes to a local file. This mismatch weakens trust assumptions and can conceal broader agent capabilities, making it easier to justify unexpected persistence behavior or smuggle data into local storage under the guise of harmless operational logging.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.