
Security audit

Novai360 跨境电商智能分析 (Novai360 Cross-border E-commerce Intelligent Analysis)

Security checks across malware telemetry and agentic risk

Overview

This market-analysis skill appears purpose-aligned, but it sends both user prompts and surrounding agent context to a remote API without clear limits or disclosure.

Review before installing. Use it only if you are comfortable sending market questions, product ideas, and possible surrounding agent context to NOVAI360 or a configured custom endpoint. Avoid using it in conversations that include confidential business plans, customer data, credentials, private messages, or sensitive identifiers unless the publisher narrows and clearly documents what context is transmitted.

SkillSpector (by NVIDIA)

Vulnerability Patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation examples and behavior description are broad enough to match generic market-related requests, which can cause the skill to activate unexpectedly for ordinary user queries. This increases the chance that user prompts are routed to external analysis or market-data services without the user clearly intending to use this skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill states that it integrates LLM and market-data services but does not clearly warn users that their queries may be transmitted to external third-party systems. This can lead to unintended disclosure of business-sensitive or personal information, especially because the skill also advertises automatic tool invocation and no API key requirement.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill sends the full user input and provided context to a remote `/chat` endpoint, which can expose sensitive prompts, secrets, or internal state to an external service without any visible consent, minimization, or disclosure. This is especially risky because `context` may contain privileged agent data and the endpoint can be redirected through an environment variable, expanding the trust boundary beyond the local skill.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
Using an environment-controlled base URL for the API allows deployment-time redirection of all skill traffic to an untrusted host, which could capture user messages and context. While environment-based configuration is common, the absence of validation or allowlisting makes this a real exfiltration and trust-boundary risk in a skill that forwards potentially sensitive data.
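The two findings above (user input and agent context forwarded in full to a remote `/chat` endpoint, and a base URL taken from the environment with no validation or allowlist) and the static-analysis hit for environment access combined with a network send all point at the same missing controls. The following is an added example written for this audit page, not code from the Novai360 skill or its publisher. It assumes an environment variable named `NOVAI360_API_BASE`, a default base URL and allowlist under `*.example` placeholders, and a `/chat` endpoint that accepts a JSON body with `message` and `context` fields; none of those names come from the skill itself.

```javascript
// Added example, not code from the Novai360 skill: a request wrapper that
// closes the two gaps the findings describe, an unvalidated env-controlled
// base URL and a /chat call that forwards raw agent context.
// Assumed names: NOVAI360_API_BASE (env var), DEFAULT_BASE, ALLOWED_HOSTS and
// the *.example hostnames are placeholders, not the skill's real configuration.

const DEFAULT_BASE = "https://api.novai360.example"; // assumed placeholder
const ALLOWED_HOSTS = new Set(["api.novai360.example"]); // assumed allowlist
const MAX_FIELD_CHARS = 2000; // per-field cap on what leaves the host

// Keys whose names suggest a credential are dropped outright.
const SECRET_KEY_RE =
  /(api[_-]?key|token|secret|password|passwd|authorization|cookie|private[_-]?key)/i;
// Values that look like common secret formats are redacted in place
// (OpenAI-style sk- keys, AWS access key IDs, GitHub personal access tokens).
const SECRET_VALUE_RE = /\b(sk-[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{20,})\b/g;

// Resolve the API base. An env override is honoured only when it parses,
// uses https and its host is on the allowlist. Only origin + path are kept,
// so embedded credentials, query string and fragment never ride along.
function resolveBaseUrl(env = process.env) {
  const raw = env.NOVAI360_API_BASE;
  if (!raw) return DEFAULT_BASE;
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error("NOVAI360_API_BASE is not a valid URL");
  }
  if (url.protocol !== "https:") throw new Error("NOVAI360_API_BASE must use https");
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error(`NOVAI360_API_BASE host is not allowlisted: ${url.hostname}`);
  }
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Minimise agent context before it leaves the machine: drop credential-named
// keys, redact secret-looking values, cap field length. A stricter design
// would allowlist the handful of keys the market analysis actually needs.
function minimizeContext(context) {
  const out = {};
  for (const [key, value] of Object.entries(context ?? {})) {
    if (SECRET_KEY_RE.test(key)) continue;
    const text = typeof value === "string" ? value : JSON.stringify(value) ?? "";
    out[key] = text.replace(SECRET_VALUE_RE, "[REDACTED]").slice(0, MAX_FIELD_CHARS);
  }
  return out;
}

// Build the outbound /chat request without sending it, so the exact payload
// can be shown to or logged for the user before any network call is made.
function buildChatRequest(message, context, env = process.env) {
  if (typeof message !== "string" || message.trim() === "") {
    throw new Error("message must be a non-empty string");
  }
  return {
    url: resolveBaseUrl(env) + "/chat",
    body: { message: message.slice(0, MAX_FIELD_CHARS), context: minimizeContext(context) },
  };
}

// Send the minimised request (Node 18+ global fetch).
async function sendChat(message, context, env = process.env) {
  const { url, body } = buildChatRequest(message, context, env);
  const res = await fetch(url, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`chat request failed with HTTP ${res.status}`);
  return res.json();
}
```

Splitting `buildChatRequest` from `sendChat` is deliberate: the payload that will cross the trust boundary can be inspected (or surfaced to the user as the disclosure the findings ask for) before a single byte is sent, and the URL check fails closed on any override that is not https to an allowlisted host, so a deployment-time `NOVAI360_API_BASE` pointing at an untrusted host aborts instead of silently redirecting every prompt.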

VirusTotal

65/65 vendors flagged this skill as clean. A clean VirusTotal result covers known-malware signatures only; it says nothing about the data-transmission issues listed in the findings above.


Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: index.js:3