Back to skill

Security audit

1688 Procurement Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LinkFox 1688 procurement helper with guarded order actions, but users should understand it can perform real purchasing workflow operations when authorized.

Install only if you intend to use LinkFox for authorized 1688 procurement. Before creating orders, getting payment links, canceling orders, or confirming receipt, verify the exact order details and confirm in a language you understand; use --no-save if you do not want response files stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly describes capabilities that use environment variables, write files, and make HTTP calls, but it does not declare permissions in metadata. This creates a governance and review gap: operators and users cannot reliably understand or constrain what the skill can access, which increases the risk of overprivileged execution and hidden data handling.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
Requiring Chinese-only confirmation for high-risk actions can prevent some users from fully understanding or correctly authorizing destructive actions like order creation, cancellation, or receipt confirmation. That weakens informed consent and can lead to accidental approvals or social-engineering abuse in multilingual environments.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The dedicated high-risk confirmation section hard-codes Chinese natural-language confirmation as a prerequisite for sensitive operations. This is risky because it ties authorization to a single language rather than user comprehension, increasing the chance of invalid consent or bypass-by-confusion.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The workflow repeats Chinese-only confirmation requirements specifically before destructive operations, reinforcing a brittle approval mechanism throughout the process. In practice, this can make high-risk execution depend on form rather than informed intent, especially for non-Chinese-speaking users.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The display rules again require Chinese confirmation before high-risk calls, making the unsafe language restriction part of the presentation layer as well. This broadens the chance that operators will enforce language-specific consent even when the user cannot adequately verify the action.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.