publish test
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed product-search skill that uses an external MCP server to query Chinese e-commerce product data, with no artifact evidence of hidden or harmful behavior.
Before installing, consider that product keywords and product links may be sent to Shopme's service, and the executable MCP server is fetched from npm via npx. For higher assurance, review or pin the npm package version before use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.