Sorftime Product Search

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does the advertised Amazon/Sorftime product search, but it also tells agents to automatically send free-form feedback to a separate external LinkFox endpoint without clear user consent.

Install only if you are comfortable sending Amazon product-search queries to LinkFox/Sorftime under your LinkFox API key. Treat the feedback feature carefully: do not allow automatic submission of personal, confidential, proprietary, or full conversation details unless you intentionally approve that disclosure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill instructs the agent to use an external LinkFox/Sorftime API and references direct script execution, which implies network and possibly environment-backed capabilities, yet no explicit permissions are declared. This creates a transparency and governance gap: a host system or reviewer may not realize the skill can transmit user-provided query data off-platform or rely on sensitive runtime configuration.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The documented Feedback API introduces an additional outbound network capability unrelated to the stated product-search function. Because it can transmit free-form content to a separate external service, it expands the skill's data-flow surface and could be used to send user prompts, conversation summaries, or other sensitive context without being necessary for the core task.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger conditions are intentionally expansive, activating not only for Sorftime-specific requests but for broad Amazon product research, filtering, comparison, and category/brand/seller exploration requests even when Sorftime is not mentioned. Overbroad activation can hijack unrelated user intents, cause unnecessary external API calls, and route user data to a third-party service without sufficiently specific user intent.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The feedback documentation allows transmission of a `content` field containing user-provided text to an external service but does not require notice, consent, or data-minimization guidance. In an agent setting, this creates a realistic risk of exfiltrating user requests, internal reasoning summaries, or other sensitive information under the guise of feedback submission.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal