Back to skill

Security audit

亚马逊-店铺买家反馈

Security checks across malware telemetry and agentic risk

Overview

The skill performs its advertised Amazon feedback API lookups, but it needs review because it always saves full API responses locally and gives contradictory credit-cost guidance.

Install only if you are comfortable with Amazon seller feedback data being sent through LinkFox and saved as full JSON files on the local machine. Treat calls as potentially billable until the publisher resolves the contradictory credit guidance, and avoid running it in synced, shared, or repository directories unless you can manage or delete the saved linkfox data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill describes capabilities to read environment variables, invoke shell commands, make network requests, and write files, but it does not declare corresponding permissions or clearly surface them as security-relevant behaviors. This creates a transparency and governance gap: users and platforms may not realize the skill can exfiltrate data from env, persist API output locally, or invoke external services.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The document first warns that the tool consumes credits and should not automatically retry or probe, but later states '不消耗积分' ('does not consume credits'). Contradictory billing semantics can mislead an agent into making extra calls or bypassing cost safeguards, causing unexpected spend or abusive retry behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The helper persistently writes full API responses and session metadata to local storage even though its stated purpose is to retrieve customer feedback insights. Those responses may contain sensitive business data, access-related metadata, or usage traces, creating an unnecessary local data-retention surface and possible disclosure to other local users, processes, backups, or support tooling.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs that complete API responses are always written to local disk under a session-organized path, without requiring explicit user warning or consent. Customer feedback data and associated identifiers may contain sensitive business information, and forced persistence increases the chance of unintended disclosure, later reuse, or collection by other tools on the same host.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code writes complete API responses to disk without requiring explicit user consent or warning, which can silently retain commercially sensitive remote data on the local machine. In a customer-feedback analytics skill, this expands exposure from transient processing to durable storage and increases the chance of leakage through filesystem access, backups, or shared environments.

Ssd 3

Medium
Confidence
96% confidence
Finding
Always storing full API responses in local session files creates data retention beyond the immediate task and can expose user-provided parameters, seller identifiers, marketplace details, and feedback data to other local processes or future sessions. The mandated non-/tmp path under the current working directory may place sensitive data inside project trees that are synced, committed, or broadly readable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.