amazon-sorftime-research-MCP-skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs the advertised Amazon analysis, but its bundled references expose unrelated account-changing Sorftime tools and weak API-key handling that users should review first.

Install only if you trust Sorftime and are comfortable sending Amazon product research data to that service. Protect the API key, avoid committing .mcp.json, and do not let the agent use keyword add/move/delete or non-Amazon research tools unless you explicitly intend those actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The skill is presented as a single-ASIN Amazon listing analysis workflow, but the later reference sections materially broaden its capabilities to TikTok, influencer/video research, and 1688 sourcing analysis. This scope creep weakens least-privilege expectations and can normalize use of unrelated external data sources and actions beyond what a user would reasonably infer from the skill name and description.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The main skill body describes an analysis/reporting workflow, but the reference section introduces keyword dictionary management operations such as add, move, and remove. Those are state-changing capabilities unrelated to generating a competitor analysis report, increasing the chance of unintended modifications to remote user data or collections.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
TikTok product, video, influencer, and category analysis capabilities are not directly required to analyze a single Amazon competitor listing. Including them expands data access and external transmission surface in a way that is hard to justify from the declared purpose, creating an unnecessary privilege and privacy boundary violation risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The 1688 procurement and sourcing-cost research capability is unrelated to the core task of Amazon competitor listing analysis. Its inclusion broadens the skill into supply-chain investigation without clear user consent, increasing the chance of off-scope external queries and misuse of collected business intelligence.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The reference includes keyword-library management actions such as add, move, and delete favorites that are unrelated to the stated skill purpose of competitor listing analysis. In an agent context, exposing unnecessary state-changing operations increases the attack surface and can enable unauthorized or accidental modification of a user's keyword library if the model selects the wrong tool path.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill description says the analysis result is automatically saved to a Markdown file, but it does not warn the user that invoking the skill will modify the workspace. Silent file creation is risky because it performs a state-changing action beyond simple analysis, and users may not expect persistent artifacts to be written automatically.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The instructions explicitly direct creation of a `reports/` directory and writing a Markdown file, but provide no safety guardrails around workspace modification, overwrite behavior, or user consent. This increases the risk of unwanted filesystem changes and normalizes write operations in a skill whose primary purpose is analysis rather than file management.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation shows an API key being placed in the URL query string, which is commonly logged by browsers, proxies, servers, observability tooling, and shell history. In the context of an agent skill that calls third-party APIs automatically, this increases the chance of credential leakage and subsequent unauthorized API use.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The documentation describes many broad query capabilities across products, categories, keywords, and personal keyword-library features without clear trigger boundaries, exclusions, or least-privilege guidance. In a skill that should activate for '/amazon-analyse' with a product ASIN, this ambiguity makes tool overreach more likely and can cause the agent to invoke unrelated functions or act on unintended inputs.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
A delete-keyword operation is documented with no warning, confirmation, or authorization guidance, despite being destructive and unrelated to the advertised analysis task. If reachable by the agent, prompt confusion or adversarial input could trigger irreversible user data changes in the keyword library, making the skill context more dangerous because users would not expect write/delete side effects from an analysis command.

VirusTotal

63/63 vendors flagged this skill as clean.
