Security audit

Shopping in Sweden

Security checks across malware telemetry and agentic risk

Overview

This skill is upfront about shopping automation, but it can read stored personal and payment data and automate real checkout payments with low-level browser control.

Install only if you intentionally want an agent to help make real purchases. Before use, remove any live or hardcoded card values, avoid storing card details in plaintext files, set strict merchant and spending limits, and require explicit approval immediately before any payment-submitting action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 98%

Finding: This document provides explicit instructions and code for using CDP to circumvent browser same-origin protections on payment-provider iframes and then automate sensitive actions such as clicking payment buttons and interacting with checkout flows. In the context of an agent skill, this is dangerous because it enables unauthorized manipulation of third-party payment surfaces and creates a direct path to fraudulent purchases or unauthorized transaction initiation.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding: The trigger phrases are broad enough to activate on common shopping requests, which can cause the skill to engage in high-risk actions such as reading private files and initiating purchases without a narrowly scoped invocation. In this skill, broad triggering is especially dangerous because the skill has access to sensitive personal and payment data and includes instructions for completing checkout flows.

Missing User Warnings

Severity: Medium
Confidence: 98%

Finding: The skill explicitly instructs reading sensitive personal data and payment card files from fixed local paths without an explicit, informed privacy warning or just-in-time consent. This creates a direct risk of unauthorized access to personal and financial information, and the risk is amplified by the skill's end-to-end purchasing and payment capabilities.

Missing User Warnings

Severity: High
Confidence: 99%

Finding: The document instructs automated entry of payment card data and explicitly references reading card details from a private directory, normalizing the handling of highly sensitive financial secrets without warning, consent checks, or data-protection controls. In an agent skill, this increases the risk of secret harvesting, accidental disclosure, and unauthorized payment attempts using stored card data.

VirusTotal

65/65 vendors flagged this skill as clean.