Back to skill

Security audit

eBay Agent

Security checks across malware telemetry and agentic risk

Overview

The executable tool is mostly a disclosed eBay research helper, but bundled reference material teaches live seller-side actions that go beyond the advertised research-only purpose.

Install only if you want an eBay research CLI and are comfortable providing eBay developer credentials and storing watch searches locally. Treat the seller API reference sections as out of scope for normal use; do not provide seller OAuth tokens or run listing, order, or webhook examples unless you intentionally want account-changing seller operations and have tested in sandbox first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The top-level description frames the skill as a research agent for searching and valuation, but the documented commands also persist watchlists to the local filesystem and later re-query live data. That mismatch can mislead users and security tooling about stateful behavior and data retention, reducing informed consent and increasing the chance of unintended local data exposure or surprise persistence.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The cheatsheet documents seller-side capabilities such as listing creation, fulfillment, and notifications even though the skill is described as a research-only agent. That scope expansion is dangerous because an agent or downstream integrator could adopt these documented actions and perform real account-affecting operations that users would not expect from a read-oriented skill.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
This section provides a concrete workflow for creating and publishing live eBay listings, which exceeds the declared search and valuation role. In an agent context, actionable write-capability documentation can enable unauthorized or accidental marketplace actions, including posting listings to a real account.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The fulfillment section documents operational seller actions such as retrieving open orders and marking orders as shipped, which are outside a research-only scope. These actions affect real commerce workflows and could cause fraud, shipment misrepresentation, or business disruption if used by an over-permissioned agent.

Description-Behavior Mismatch

Low
Confidence
90% confidence
Finding
Webhook subscription guidance introduces a persistent seller-notification capability unrelated to search and valuation. While less immediately destructive than listing or fulfillment actions, it expands scope and can create unintended data flows and event handling pathways.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The watch feature writes persistent data to ~/.ebay-agent/watches.json, but the overall skill description does not prominently warn users that commands will store data in their home directory. While the stored content is not highly sensitive by itself, undisclosed persistence can create privacy surprises, leak shopping interests to other local users/processes, and violate user expectations for a search tool.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown gives copy-paste-ready instructions for creating live listings and marking orders as shipped without prominent warnings that these are state-changing actions affecting real user accounts and transactions. In an agent ecosystem, omission of such warnings materially increases the chance of accidental misuse or unsafe automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.