Security audit

Affiliatematic

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward guide for adding a third-party Amazon affiliate recommendation widget, with privacy and trust considerations but no evidence of hidden or malicious behavior.

Install only if you trust affiliatematic.com to run JavaScript on your site. Test on staging first, avoid private or regulated pages until you understand how page content is processed, and treat the performance and revenue claims as marketing claims unless independently verified.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that the system 'automatically analyzes webpage content' to generate recommendations, but it does not clearly warn users that page content is transmitted to a third-party service for analysis. This creates a privacy and compliance risk because site operators may deploy it on pages containing sensitive, regulated, or proprietary content without informed consent or appropriate disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal