Qfc Order

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent QFC grocery-order automation, but it needs review because it can act in a logged-in shopping session and leaves final order-related steps underspecified.

Install only if you are comfortable letting an agent control your logged-in QFC tab. Watch the session, require explicit confirmation before any final submit/place-order action, verify store, items, quantities, substitutions, slot, fees, and total, then disconnect the browser relay and clear qfc-state.json if you do not want order details retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill explicitly documents persistent storage of order data in `skills/qfc-order/qfc-state.json` but does not warn the user that shopping and order metadata may be retained locally. While this is not an active exploit, it is a real privacy/security weakness because the file may contain store selection, cart contents, scheduled pickup slot, and potentially order identifiers or totals that could be exposed to other local users, backups, or logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal