Dropshipping

Security checks across malware telemetry and agentic risk

Overview

This is an informational dropshipping guide, not a tool that installs code, requests credentials, or performs actions by itself.

Safe to install as a reference guide. Before using it with real store, marketplace, supplier, ad, payment, or customer-service accounts, use least-privilege access and require manual confirmation for orders, refunds, listings, customer-data access, supplier changes, and account settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: | Risk | Prevention | |------|------------| | 5-20% defect rate from AliExpress | Factor into margins, clear replacement policy | | Toxic materials | Require CE, CPSC certifications. Don't sell children's products without verification | | Product differs from photos | Use YOUR OWN photos, accurate descriptions with measurements | ## Reputational Risks
Confidence: 75% confidence
Finding: without verification

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal