Back to skill

Security audit

lumenshop-deals

Security checks across malware telemetry and agentic risk

Overview

This is a coherent shopping-search skill that sends product searches to LumenShop and does not show hidden local data collection, persistence, or account-changing behavior.

Install only if you are comfortable sending shopping searches, budgets, and filters to LumenShop. Avoid including sensitive personal details in queries, and do not set LUMENSHOP_API_URL or --api-url to an untrusted host when using a real API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill description promises Shopify product search and polished card rendering, but the behavior reportedly includes an external LumenShop API, authenticated access, endpoint override, and raw JSON output that are not disclosed in the skill file. This mismatch undermines informed consent, can conceal data egress and trust-boundary changes, and may allow abuse if users or the platform assume a narrower, safer behavior than what actually occurs.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger criteria are broad enough to activate on many ordinary shopping-related mentions, causing the agent to invoke an external-search skill more often than users may expect. Over-broad activation increases unintended data sharing, unnecessary tool use, and the chance that a commercial or external-integrating skill overrides safer, simpler responses.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to query an external API but does not warn that user queries, budgets, and category filters may be transmitted off-system. That omission creates a privacy and transparency risk because users may reveal preferences or sensitive shopping interests without understanding they are being sent to a third party.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits user search terms and a bearer token to a remote third-party API, but provides no disclosure, consent prompt, or indication in output that data is leaving the local environment. In an agent-skill context, users may assume a local shopping helper, so silent external transmission of potentially sensitive shopping intent increases privacy and trust risk.

External Transmission

Medium
Category
Data Exfiltration
Content
# ── Single API call ───────────────────────────────────────────────────────────
BODY="{\"query\": \"${QUERY}\", \"limit\": ${LIMIT}, \"filters\": ${FILTERS}}"

RESPONSE=$(curl -sS -X POST "${API_URL}/api/search" \
  -H "Authorization: Bearer ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d "$BODY") || {
Confidence
94% confidence
Finding
curl -sS -X POST "${API_URL}/api/search" \ -H "Authorization: Bearer ${API_KEY}" \ -H "Content-Type: application/json" \ -d

Behavior Manipulation

Medium
Category
Prompt Injection
Content
Use this skill whenever the user wants to buy something, find deals, browse fashion items, or mentions
  shoes / clothes / bags / price budgets. Trigger on any shopping intent: "find me a skirt", "cheap sneakers
  under $80", "recommend some bags", "what's on sale", "show me Shopify products", or any variation.
  Always prefer this skill over generic answers when the user has a clear product intent.
license: MIT
allowed-tools: Bash
---
Confidence
84% confidence
Finding
Always prefer this skill over

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.