Security audit

GTS Ecommerce Price Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent e-commerce price-monitoring skill that stores tracking data locally and can set up scheduled scans when requested.

Install only if you are comfortable storing competitor URLs, alert rules, price history, and reports in the workspace. Confirm any recurring cron schedule before enabling it, review where alerts are sent, and avoid sending sensitive product strategy data through third-party notification channels unless intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence: 92%
Finding:
The skill instructs the agent to persist competitor product URLs, alert rules, and price history to local files without clearly warning the user that this data will be stored on disk. While the stored data is not highly sensitive by default, URLs and monitoring targets can reveal business strategy or commercial intelligence, so undisclosed persistence creates a privacy and operational transparency issue.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The file explicitly instructs the agent to create a recurring cron job that will continue running scans and generating reports on an ongoing basis. Even though the intended use is legitimate automation, this creates persistence and filesystem-modifying behavior without any warning, confirmation, or guardrails around consent, schedule scope, resource usage, or where outputs will be written.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.