Security audit

Drop Pick

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a product-research helper, but it also includes store-import and listing-event commands that can change commerce accounts without a clear approval boundary.

Install only if you want an agent to research Alibaba, AliExpress, and Amazon product opportunities using your Alibaba credentials. Treat the import and listing-event commands as live commerce actions: require explicit approval before running them, use scoped credentials where possible, and review the output path before allowing report files to be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill’s declared purpose is research/report generation, but it also includes operational actions that can modify external commerce systems by importing products and sending marketplace listing events. This expands the capability from analysis into side-effecting business actions, creating a confused-deputy risk where a user invoking research could unintentionally trigger store or marketplace changes.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
A channel import capability is not necessary for product research and materially increases the blast radius of the skill by enabling direct publication or synchronization to storefronts. In context, this unjustified privilege violates least privilege and could be abused or accidentally invoked to push unwanted products into a merchant’s sales channels.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation text contains very broad trigger phrases such as general product research and ‘what should I sell,’ which can cause the skill to activate for ordinary planning conversations. Because the skill includes file-writing and references to side-effecting commerce operations, overbroad routing increases the chance of unnecessary tool use and unintended actions.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The skill instructs writing a report into the working directory without warning the user or obtaining consent for filesystem modification. While the write target appears limited and not inherently destructive, silent file creation can still surprise users, overwrite expected outputs, or be chained with other behaviors in automation contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.