Back to skill

Security audit

marketing

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and disclosed, but users should know product URLs and scraped page text are sent to SkillBoss for processing.

Install only if you are comfortable using SkillBoss API Hub for product-page scraping and extraction. Use a dedicated SkillBoss API key, submit only public product URLs without sensitive query tokens, and review all extracted product details and marketing claims before posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no explicit permissions while its documented workflow requires environment secret access and outbound network use to a third-party API. This creates a transparency and governance gap: operators and users cannot accurately assess what the skill can access or transmit, which increases the chance of unintended secret use or unreviewed data egress.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims to generate Instagram marketing outputs, but the documented behavior includes sending product URLs/page content to an external scraping and LLM service and only extracting structured product data. This mismatch is dangerous because users may authorize or supply data under a narrower expectation, without realizing third-party processing and scraping occur as part of execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation describes using a third-party API hub to scrape product pages and process content, but it does not provide a clear user-facing warning or consent step for external data transmission. Even if product pages are public, submitted URLs can contain sensitive query parameters, private storefront links, or business-sensitive research targets, and page contents are then shared with an outside processor.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the user-supplied product URL and scraped page content to a third-party API for both scraping and LLM extraction without any runtime consent, warning, or data minimization. If the provided URL points to private, pre-release, internal, or personalized product pages, sensitive business or personal data could be disclosed to the external service.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY=your_key python3 scripts/extract_product.py <url>
```

The script uses **SkillBoss API Hub** (`https://api.skillbossai.com/v1/pilot`) to:
1. Scrape the product page via the `scraping` capability
2. Extract structured product data via the `chat` capability (auto-routed LLM)
Confidence
91% confidence
Finding
https://api.skillbossai.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.