Back to skill

Security audit

Ecommerce Logistics

Security checks across malware telemetry and agentic risk

Overview

This shopping-logistics skill mostly does what it claims, but it needs review because it uses stealth browser automation and stores sensitive shopping-session data with weak controls.

Review before installing. Use only if you are comfortable letting the skill log into shopping accounts, reuse stored sessions, and automate sites with stealth settings. Treat the cookie directory and QR images as sensitive, remove the Douyin debug file writes, and avoid all-platform/headless runs unless you accept the account, privacy, and platform-policy risks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The adapter injects stealth fingerprint-evasion logic by overriding browser-identifying properties such as navigator.webdriver, navigator.plugins, and permissions behavior. For a logistics-query skill, this is not required for core functionality and increases risk because it is explicitly designed to bypass bot-detection and site anti-automation controls on third-party e-commerce platforms, which can facilitate unauthorized scraping or account access workflows.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The adapter captures a full screenshot and full HTML of the authenticated Douyin orders page and writes them to fixed local files under the user's home directory. Because this page can contain order details, tracking numbers, account information, and other session-visible data beyond what is needed for logistics lookup, the skill is persistently storing sensitive data outside its stated purpose, increasing exposure to local compromise, unintended retention, and later reuse.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This file implements broad anti-detection behavior for browser automation, including disabling web security and site isolation, spoofing browser fingerprints, hiding Playwright markers, and faking runtime/plugin properties. For a logistics order-query skill, this exceeds normal compatibility needs and can be used to evade platform bot detection and weaken browser security boundaries, increasing abuse potential and exposure if hostile content is loaded.

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
The browser context unconditionally sets a spoofed Shanghai geolocation and grants geolocation permission even though package tracking does not require location access. This creates unnecessary sensitive-capability exposure and may misrepresent the user's physical context to third-party sites without consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Persistent storage of authentication cookies and QR-login screenshots is sensitive because these artifacts can enable account takeover, session hijacking, or disclosure of personal order data if the local machine or storage path is accessed by another process or user. The lack of a clear warning and consent flow makes this more dangerous in context because the skill handles real e-commerce accounts and long-lived sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code silently writes complete page artifacts to disk without any user-facing notice, even though the skill is intended to query logistics data rather than archive full account pages. In the context of an e-commerce tracking skill with persistent cookies and authenticated sessions, undisclosed local retention of full order-page content materially increases privacy risk and exceeds user expectations.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
This adapter programmatically accesses a logged-in user's PDD order history and extracts detailed order, merchant, product, status, price, and logistics information. In the context of a skill that supports persistent cookie storage and QR-code login, collecting account data without an explicit consent gate or data-minimization boundary in this flow increases privacy risk and can expose sensitive purchase history if invoked unexpectedly or by a broader agent workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code persists full browser authentication cookies for shopping platforms to disk in plaintext JSON with no encryption, permission hardening, or explicit consent flow. In the context of an e-commerce logistics skill, those cookies may grant access to order history, personal profile data, addresses, and account actions; theft of the file or local compromise could enable account hijacking or privacy breaches.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The QR login code is captured and written to disk as an image without a clear opt-in or cleanup. A saved QR artifact can expose login flow details and, if accessed quickly by another local user or process, may allow unauthorized scanning or leak sensitive session-related information; at minimum it creates unnecessary sensitive residue on disk.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The code forces locale, timezone, and nearby environmental attributes to Chinese/Shanghai values without user choice or disclosure. In a multi-platform ecommerce skill, this can misrepresent the user's identity or region, affect account/session behavior, and reduce transparency around how the agent interacts with external services.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.