Back to skill

Security audit

Order Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed local order-tracking tool that updates order files and can send customer emails, but users should review its SMTP credential setup and customer-data handling.

Use this only for order data you are comfortable storing in local JSON, logs, and backups and sending through the configured SMTP account. Prefer a dedicated sender credential for this skill, run dry-runs first, verify recipients, and remove or replace bundled sample customer data before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill description materially understates and misstates behavior: it modifies local order data, writes logs, and reads SMTP credentials from another skill's `.env`, while claiming unsupported features like order creation and Discord notifications. This kind of mismatch can cause operators or an agent to invoke the skill with incorrect trust assumptions, leading to unintended data modification, outbound communication, or secret exposure risk through cross-skill credential use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script loads SMTP secrets from another skill's .env file, creating cross-skill secret coupling and violating isolation boundaries. This increases the blast radius of compromise: anyone able to run or modify this skill can implicitly consume credentials intended for a different component, which is a real credential exposure and misuse risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script transmits customer and order details by email and persists notification metadata back to disk, yet there is no explicit confirmation or data-minimization control near execution. In this order-management context, that increases the chance of unintended disclosure of PII, shipping data, and commercial details through operator error, misconfiguration, or insecure local storage.

Ssd 3

Medium
Confidence
95% confidence
Finding
The README documents a concrete local path to a `.env` file containing SMTP credentials and even shows the expected secret names and account identifier. In an agent setting, natural-language instructions that point to secret-bearing files can prompt downstream agents or users to access sensitive configuration they do not strictly need, increasing the risk of credential disclosure or misuse for unauthorized email sending.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.