Haresh Checkout Flow
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent checkout integration, but it can trigger payment/order processing through a local webhook before a clear final user confirmation step.
Install only if you control and trust the local n8n checkout workflows. Before use, require the agent to show the full order summary and get explicit confirmation before calling checkout-process, and verify the webhook does not receive or log full payment details unnecessarily.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.