Back to skill

Security audit

亚马逊-店铺Listing管理

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Amazon listings management skill, but it can change or delete live listings and saves full API responses locally by default.

Install only if you are comfortable granting a local agent access to Amazon seller listing credentials and live listing mutation authority. Before using it, review where response files are saved, avoid committing those files, and require your own confirmation step for PATCH, PUT, or DELETE operations, especially deletion of active listings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises shell, network, environment-variable access, and local file writes, but does not declare permissions or present them in a structured, reviewable way. That weakens user and platform oversight, making it easier for a skill to access API keys, call external services, and persist potentially sensitive marketplace data without informed consent.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The helper serializes and persistently stores full API responses to local disk for every call, including potentially sensitive SP-API data such as listing details, restrictions, metadata, or account-linked business information. This storage behavior is broader than the stated skill purpose and creates a confidentiality risk because data remains on disk in predictable locations and may be accessible to other local users, processes, backups, or later sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that full API responses are always written to project-local files, which may include seller identifiers, listing data, restrictions, schemas, or operational metadata. Persisting these responses by default without an explicit, prominent warning and opt-in increases the risk of sensitive business data being unintentionally retained, committed, or exposed to other tools in the workspace.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documented capability includes deleting listings, which is a destructive business operation, but the skill does not require an explicit user-facing confirmation step at the point of use. In this context, accidental or manipulated invocation could remove active Amazon listings, causing loss of sales, operational disruption, and recovery effort.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This section documents PATCH, PUT, and DELETE listing operations that can change or remove marketplace listings, but it does not prominently warn users that these actions are data-impacting and potentially irreversible. In an agent skill context, providing ready-to-use destructive API instructions without explicit confirmation/safety guidance increases the risk of accidental or unauthorized inventory changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Sensitive response data is written to disk automatically without any user-facing disclosure, consent, or clear indication in the skill description. In the context of an Amazon listings-management skill, responses may contain commercially sensitive catalog, restriction, and account-related data, so silent persistence undermines user expectations and can lead to unintended local data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This script performs a destructive Amazon listing deletion immediately when invoked, with no explicit confirmation gate, dry-run mode, or user-facing warning in the execution flow. In an agent/skill context, that increases the chance of accidental or prompt-induced deletion of listings, which can disrupt sales operations even if the API call is authenticated.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This script performs a live PATCH against Amazon Listings via a remote proxy and can modify production listing data, but it does not enforce an explicit confirmation, dry-run default, or strong warning at execution time. In an agent setting, that increases the risk of unintended destructive or business-impacting changes if a user prompt is ambiguous or the agent invokes the skill automatically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.