Taobao Product Detail

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about extracting Taobao/Tmall product data, but it also encourages logged-in batch scraping and database-style collection without clear limits.

Install only if you are comfortable using your logged-in Taobao/Tmall browser session for automated product-data collection. Keep use user-directed, low-volume, and consistent with site rules; avoid unattended bulk scraping or building large datasets without authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill goes beyond a single-item detail lookup and explicitly instructs users to orchestrate serial batch scraping, persistence, and resume logic. That expands the capability from a narrow retrieval task into scalable data collection, increasing abuse potential for mass scraping, price-monitoring, and database building against a logged-in commercial site.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation description is overly broad, including product database building, price tracking, comparison research, and generic scraping requests rather than just fetching details for a user-specified item page. This increases the chance the agent will invoke the skill in higher-scale or more compliance-sensitive contexts than intended, effectively widening the operational envelope without additional safeguards.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal