Back to skill

Security audit

Gurkerl

Security checks across malware telemetry and agentic risk

Overview

This grocery-shopping skill appears coherent, but it deserves Review because it asks for account passwords and exposes order, payment, support, and URL-fetching actions without enough safety guidance.

Install only if you trust the Gurkerl CLI/MCP endpoint and are comfortable giving an agent grocery-account credentials. Protect any password stored in environment or systemd files, and require explicit approval before orders, payment changes, cancellations, claims, credits, deposit changes, ratings, feedback, URL fetches, or support emails are executed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes numerous state-changing and transactional actions such as cart modification, checkout submission, order repetition/cancellation, payment-method updates, support emails, and claims, but does not warn that these operations can place orders, alter account state, or trigger customer-service actions. In an agentic context, this increases the risk of accidental purchases, unauthorized account changes, or social-engineering-style misuse if a downstream agent invokes these tools without explicit user confirmation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions tell users to store an account email and password in environment variables and persist them in a systemd service override, but provide no warning about secret exposure risks. Environment variables and service configuration can be readable by local users, exposed via debugging/process inspection, copied into backups, or mishandled in logs, which is especially sensitive because the credentials grant purchasing and account-management access.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.