
Security audit

Filtmall Shopping

Security checks across malware telemetry and agentic risk

Overview

This shopping skill is aligned with its stated purpose, but it can act on purchases, orders, payments, and saved addresses, it activates on broad implicit triggers, and its confirmation gates are incomplete.

Install only if you are comfortable letting an agent use your Filtalgo account for shopping workflows. Review cart, checkout, address, cancellation, refund, and after-sale actions before execution, avoid ambiguous shopping prompts, and treat the bundled dev OAuth secrets as exposed public configuration rather than private credentials.

SkillSpector (by NVIDIA)

Vulnerability Patterns:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 88%

The skill advertises very broad activation for browsing, buying, paying, order management, logistics, address management, cancellation, refunds, and after-sale actions. Overly broad triggering can cause the agent to invoke a high-impact commerce skill in ambiguous contexts, increasing the chance of unintended purchases, payment initiation, or account/order modifications without sufficiently explicit user intent.

Missing User Warnings

Severity: Medium
Confidence: 91%

The skill documents commands that create, update, and delete saved addresses containing personal data, but it does not explicitly require a user warning or confirmation before modifying that information. In a commerce context, silent or weakly-confirmed address changes can expose sensitive personal data, redirect shipments, or disrupt orders if the skill is triggered incorrectly or used with ambiguous instructions.

Vague Triggers

Severity: Medium
Confidence: 95%

The default prompt uses a broad, everyday phrase ('help me find and buy a product') tied to a shopping skill with implicit invocation enabled, which increases the chance the skill is triggered in situations the user did not clearly intend. Because this skill can initiate high-impact commerce actions such as purchases, payments, order management, and refunds, accidental invocation could lead to unintended transactional behavior or exposure of sensitive account operations.

Missing User Warnings

Severity: Medium
Confidence: 98%

The skill embeds OAuth client secrets directly in distributed code for `local` and `remote-dev` profiles. Any user or attacker with access to the package can recover these secrets and use them outside the intended client, enabling unauthorized token issuance or abuse of privileged OAuth client configuration, especially in dev environments where controls are often weaker.
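The remediation this finding calls for, as an added example that is not the skill's own code: the bundled shape is shown beside a loader that keeps only the public client id in the package, reads the secret from the environment at run time, and fails closed when it is absent. The profile names (`local`, `remote-dev`) come from the finding; the client ids, the environment variable naming scheme, the helper names and the placeholder secret strings are assumptions.

```javascript
'use strict';
// Added example, not the skill's own code. Profile names come from the audit
// finding; client ids, env variable names and placeholder values are assumed.

// Vulnerable shape: the client secret ships as a literal inside the package,
// so anyone who can read the file holds it. The values are constructed
// placeholders, not real credentials.
const PROFILES_BUNDLED = {
  'local':      { clientId: 'filtalgo-local',  clientSecret: 'placeholder-local-secret-0001' },
  'remote-dev': { clientId: 'filtalgo-remote', clientSecret: 'placeholder-remote-secret-0002' },
};

// Hardened shape: only the non-secret client id is bundled. The secret is
// read from the environment when the profile is loaded, and the loader
// refuses to start rather than falling back to a bundled value.
const PROFILES_PUBLIC = {
  'local':      { clientId: 'filtalgo-local' },
  'remote-dev': { clientId: 'filtalgo-remote' },
};

// Map a profile name to its environment variable,
// e.g. remote-dev -> FILTALGO_REMOTE_DEV_CLIENT_SECRET (assumed scheme).
function secretEnvName(profile) {
  return `FILTALGO_${profile.toUpperCase().replace(/[^A-Z0-9]/g, '_')}_CLIENT_SECRET`;
}

// Build the OAuth client config for a profile from public config plus env.
// Fails closed: no secret, no config.
function loadProfile(profile, env = process.env) {
  const base = PROFILES_PUBLIC[profile];
  if (!base) throw new Error(`unknown profile: ${profile}`);
  const name = secretEnvName(profile);
  const secret = env[name];
  if (typeof secret !== 'string' || secret.trim() === '') {
    throw new Error(`${name} is not set; refusing to start without a client secret`);
  }
  return { ...base, clientSecret: secret };
}

// A secret that was ever bundled must be treated as public: list the profiles
// whose bundled secret has to be rotated at the authorization server.
function profilesNeedingRotation(bundled) {
  return Object.entries(bundled)
    .filter(([, cfg]) => typeof cfg.clientSecret === 'string' && cfg.clientSecret !== '')
    .map(([name]) => name);
}

// Never log the secret itself; a short prefix is enough to tell profiles apart.
function redact(secret) {
  return secret.length <= 4 ? '****' : `${secret.slice(0, 4)}...`;
}

// Usage: FILTALGO_REMOTE_DEV_CLIENT_SECRET=... node profile.js
// const cfg = loadProfile('remote-dev');
// console.log(cfg.clientId, redact(cfg.clientSecret));
```

Rotation is not optional here: once a secret has been distributed in a package, removing it from the next release does not un-expose it, so the authorization server's registration for those dev clients has to be reissued as well.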

Missing User Warnings

Severity: Medium
Confidence: 95%

`checkout cancel <id>` performs a state-changing cancellation without requiring `--confirm`, unlike other destructive operations such as cart clear, address delete, order cancel, and aftersale cancel. In an agent-driven context, this increases the risk of accidental or prompt-induced order cancellation with minimal user friction.
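The confirmation gate that this finding and the saved-address finding above both ask for, as an added example that is not the skill's own code: a default-deny policy table in which every state-changing command, `checkout cancel` included, is refused unless `--confirm` is present, while read-only commands pass and unknown commands are rejected. The command names are the ones the findings mention; the policy tables, the argument parsing and the return shape are assumptions.

```javascript
'use strict';
// Added example, not the Filtmall skill's own code. Command names follow the
// audit findings; the policy tables, parsing and return shape are assumed.

// Commands that only read account state: allowed without confirmation.
const READ_ONLY = new Set([
  'cart list', 'order list', 'order get', 'address list', 'aftersale get',
]);

// Commands that change account state: every one requires --confirm, including
// `checkout cancel`, which the audit found was missing the gate, and the
// address mutations, which the audit found had no explicit confirmation.
const STATE_CHANGING = new Set([
  'cart clear', 'checkout cancel', 'order cancel', 'aftersale cancel',
  'address create', 'address update', 'address delete',
]);

// Split argv into a two-word command, its positional arguments and --flags.
function parseArgs(argv) {
  const positional = [];
  const flags = new Set();
  for (const arg of argv) {
    if (arg.startsWith('--')) flags.add(arg.slice(2));
    else positional.push(arg);
  }
  return {
    command: positional.slice(0, 2).join(' '),
    args: positional.slice(2),
    flags,
  };
}

// Decide whether a command may run. Default-deny: a command that is in
// neither table is refused, so a newly added mutation cannot slip through
// unconfirmed just because nobody added it to the destructive list.
function gate(argv) {
  const { command, args, flags } = parseArgs(argv);
  if (READ_ONLY.has(command)) {
    return { ok: true, command, args, reason: 'read-only command' };
  }
  if (STATE_CHANGING.has(command)) {
    if (!flags.has('confirm')) {
      return {
        ok: false, command, args,
        reason: `${command} changes account state; re-run with --confirm`,
      };
    }
    return { ok: true, command, args, reason: 'confirmed with --confirm' };
  }
  return { ok: false, command, args, reason: `unknown command: ${command}` };
}

// Usage from a CLI entry point:
//   const result = gate(process.argv.slice(2));
//   if (!result.ok) { console.error(result.reason); process.exitCode = 1; }
```

Keeping the mutation list explicit rather than inferring it from verb names is the point: an agent that can be prompted into `checkout cancel` can equally be prompted into any future subcommand, and the gate should refuse what it does not recognise.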

VirusTotal

65/65 vendors reported this skill as clean (no detections).

A clean VirusTotal result only means that no vendor engine matched the package against known malware signatures; it does not speak to the agentic-risk findings above.

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).
Severity: Critical
Code: suspicious.dangerous_exec
Location: assets/filtalgo-cli.cjs:7431

Shell command execution detected (child_process).
Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/filtalgo.js:64

File appears to expose a hardcoded API secret or token.
Severity: Critical
Code: suspicious.exposed_secret_literal
Location: assets/filtalgo-cli.cjs:341
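The two rule families reported above, as an added example that is not the audit tool's own code: a minimal line-oriented scanner run over a constructed source sample, flagging a `child_process` call that passes a string through a shell and a secret-like key assigned a long quoted literal, while leaving an `execFile` argument array and a `process.env` lookup alone. The rule codes, severities and messages mirror the report; the regular expressions, the result shape and the sample source are assumptions.

```javascript
'use strict';
// Added example, not the audit tool's own code. Rule codes and messages mirror
// the report above; the regexes, result shape and sample source are assumed.

const RULES = [
  {
    code: 'suspicious.dangerous_exec',
    severity: 'Critical',
    message: 'Shell command execution detected (child_process).',
    // exec/execSync hand a single string to a shell, as does any spawn with
    // shell:true; execFile with an argument array is deliberately not matched.
    test: (line) => /\b(exec|execSync)\s*\(/.test(line) || /\bshell\s*:\s*true\b/.test(line),
  },
  {
    code: 'suspicious.exposed_secret_literal',
    severity: 'Critical',
    message: 'File appears to expose a hardcoded API secret or token.',
    // a secret-like key assigned a quoted literal of 16+ characters;
    // a process.env lookup has no opening quote and so is not matched.
    test: (line) => /(secret|token|api[_-]?key|password)\s*[:=]\s*['"`][^'"`]{16,}['"`]/i.test(line),
  },
];

// Run every rule over every line; return findings in file order with 1-based
// line numbers, using the same fields the report above shows.
function scanSource(path, source) {
  const findings = [];
  source.split('\n').forEach((line, index) => {
    for (const rule of RULES) {
      if (rule.test(line)) {
        findings.push({
          code: rule.code,
          severity: rule.severity,
          location: `${path}:${index + 1}`,
          message: rule.message,
        });
      }
    }
  });
  return findings;
}

// Constructed sample input (not the skill's source). Line 3 runs a shell
// string via execSync and line 7 bundles a client secret; lines 5 and 9 show
// the shapes that are not flagged.
const SAMPLE_SOURCE = [
  "const { execSync, execFile } = require('child_process');",
  'function version(pkg) {',
  '  return execSync(`npm view ${pkg} version`).toString();',
  '}',
  "execFile('npm', ['view', 'left-pad', 'version']);",
  'const profiles = {',
  "  'remote-dev': { clientSecret: 'placeholder-remote-secret-0002' },",
  '};',
  'const secret = process.env.FILTALGO_CLIENT_SECRET;',
].join('\n');

// Usage:
//   for (const f of scanSource('assets/sample.cjs', SAMPLE_SOURCE)) {
//     console.log(`${f.severity} ${f.code} ${f.location}: ${f.message}`);
//   }
```

A rule like `dangerous_exec` is a pointer, not a verdict: the next step on a real hit such as `assets/filtalgo-cli.cjs:7431` is to read the call site and establish whether any part of the command string comes from user or model-controlled input.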