成交商品画像分析

Security checks across malware telemetry and agentic risk

Overview

This retail analytics skill appears purpose-aligned, but it should be reviewed because it loads an undeclared local API client outside the package to access store BI data.

Install only if you trust and can inspect the external api_client at the hardcoded local path, and confirm it uses only the store BI permissions you expect. The analytics behavior itself is coherent, but the undeclared dependency and business-data access warrant review before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The skill prepends a hard-coded local filesystem path to sys.path before importing code, which allows execution to depend on external, mutable code outside the skill package. In an agent environment, this weakens supply-chain integrity and can result in unintended or malicious code being imported if that path is compromised or differs across hosts.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The trigger conditions are broad enough to match many ordinary retail-analysis requests, increasing the chance this skill activates when the user did not specifically request this dataset or analysis path. Over-broad invocation can cause unnecessary access to store BI data and produce analysis outside the user’s intent, which is a security and privacy boundary issue in agent systems.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal