Ehunt Etsy Store Query

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a disclosed Etsy store research helper that uses a LinkFox/EHunt gateway and API key, with some caution needed around broad activation and key handling.

Install this only if you intend to use LinkFox/EHunt for Etsy store research. Keep LINKFOXAGENT_API_KEY in a secure environment or secret manager, do not paste or commit it, and confirm before using the tool for ambiguous Etsy requests because your search parameters will be sent to the LinkFox gateway.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium
Confidence: 91%
Finding: The trigger description is intentionally broad: it activates not only on explicit EHunt tool requests but also on generic requests to find or analyze Etsy shops. That can cause the skill to fire in situations the user did not intend, leading to unnecessary third-party data access, tool invocation, and possible leakage of user query context to an external service.

Missing User Warnings

Medium
Confidence: 90%
Finding: The documentation instructs users to send requests to a third-party gateway using a sensitive API key from an environment variable, but it does not warn about secure key handling, logging exposure, or the fact that query data is transmitted to an external service. In an agent-skill context, this can lead to accidental credential leakage in shell history, debug output, screenshots, shared environments, or unreviewed transmission of user/business data to a third party.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

61/61 vendors flagged this skill as clean.
