Live Shopping

Security checks across malware telemetry and agentic risk

Overview

This is a simple live-shopping research guide with no code, hidden automation, credential use, or account-changing behavior.

Use this as shopping research assistance only. Verify seller reputation, prices, delivery terms, return policies, and product condition yourself, and keep checkout, payment, and account actions manual and user-controlled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The example trigger phrases are very broad and generic, such as asking how to use the skill for a 'specific scenario task' or asking about 'latest玩法/优惠信息'. These phrases could match routine shopping-help requests and cause the skill to trigger outside its intended scope, leading to unintended invocation, user confusion, or inappropriate routing to commerce-oriented guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal