Browser E Commerce

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed shopping price-comparison helper that uses browser access to public product pages and does not include code, persistence, credential use, or hidden data handling.

Reasonable to install if you want a browser-assisted shopping comparison skill. Be aware that broad shopping phrases may select it more often than intended, and product searches may still be visible to the shopping sites being visited even though the skill says it avoids login, carts, orders, and personal account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad enough to match ordinary shopping queries, which can cause the skill to activate when the user did not explicitly intend to invoke it. In a browser-automation skill, unintended activation is riskier than a normal text-only skill because it may initiate web navigation and data collection from shopping sites without clear user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal