eBay

Security checks across malware telemetry and agentic risk

Overview

This is an informational eBay advice skill with no executable code, account access, persistence, or hidden data handling.

Safe to install as an advisory skill, but review its shipping recommendations before relying on them. In particular, country-specific exclusion advice should be checked against eBay policy, carrier availability, sanctions/export rules, objective loss data, and applicable anti-discrimination obligations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The guidance labels specific countries as inherently "high fraud/loss risk" and recommends excluding them without evidence, user-configurable criteria, or a neutral risk framework. In a commerce/shipping skill, this can normalize discriminatory decision-making and cause users to deny service based on nationality rather than objective shipping reliability, fraud signals, or carrier constraints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal