Back to skill

Security audit

amazon-sorftime-research-keywords-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Amazon keyword research workflow that sends product and keyword queries to Sorftime, uses optional LLM classification, and writes local reports; it has privacy and credential-handling caveats but no evidence of hidden or destructive behavior.

Install only if you are comfortable sharing ASINs, product details, and keyword research data with Sorftime and, when using LLM classification, with the selected LLM provider. Protect the Sorftime API key in .mcp.json, avoid logging full URLs that contain the key, and treat generated report files and classification prompts as potentially sensitive business research artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill describes and enables shell execution, environment access, and file read/write behavior, but does not declare permissions or clearly scope those capabilities. This creates a trust and review gap: users or platforms may not realize the skill can access local files, environment secrets, and execute commands that call external services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs sending ASIN, product details, keyword data, and manual classification prompts to external Sorftime and Claude services, but provides no clear privacy notice, data retention statement, or handling guidance. This can lead to unintentional disclosure of business-sensitive research inputs and outputs to third parties without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The examples place the API key directly in the request URL query string. Query parameters are commonly exposed through shell history, process listings, logs, proxies, monitoring tools, and error reports, which increases the chance of credential leakage even when HTTPS is used. In this skill context, the document is operational guidance for real API use, so users are likely to copy the pattern verbatim.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation instructs callers to place the API key in the URL query string, which is commonly exposed in browser history, proxy logs, server logs, monitoring systems, and referrer-like telemetry. In this skill context, the pattern is more dangerous because the agent will likely automate outbound requests to a third-party MCP endpoint, increasing the chance that secrets are propagated into logs or diagnostics during normal operation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow writes the full LLM classification prompt to disk, and that prompt includes product metadata plus up to 500 collected keywords. In a shared workspace, agent environment, or retained artifact store, this can expose potentially sensitive business research inputs and intermediate prompt content to other users, tools, or later processes without an explicit consent gate or minimization step.

External Transmission

Medium
Category
Data Exfiltration
Content
#### Step 1.1: 获取产品流量词

```bash
curl -s -X POST "https://mcp.sorftime.com?key={API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"product_traffic_terms","arguments":{"amzSite":"US","asin":"ASIN"}}}'
```
Confidence
92% confidence
Finding
curl -s -X POST "https://mcp.sorftime.com?key={API_KEY}" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"product_traffic_terms","argumen

External Transmission

Medium
Category
Data Exfiltration
Content
### 调用格式

```bash
curl -s -X POST "https://mcp.sorftime.com?key={API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":N,"method":"tools/call","params":{"name":"TOOL_NAME","arguments":{"amzSite":"US","KEY":"VALUE"}}}'
```
Confidence
91% confidence
Finding
curl -s -X POST "https://mcp.sorftime.com?key={API_KEY}" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Sorftime MCP 工具参考 (curl 调用格式)

**注意**:Sorftime MCP 使用 SSE 协议,所有工具调用格式如下:
Confidence
82% confidence
Finding
curl 调用格式) **注意**:Sorftime MCP 使用 SSE 协议,所有工具调用格式如下: ```bash curl -s -X POST "https://mcp.sorftime.com?key=YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":N,"meth

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.