
Security audit

Echotik Batch Product Detail

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed TikTok product lookup integration that sends product IDs or URLs to LinkFox and optionally stores large responses locally for later field extraction.

Install only if you are comfortable sending TikTok product IDs or URLs and a LinkFox API key to LinkFox-operated endpoints. Use the large-response disk helper only in a temporary directory, do not commit saved response files, and delete them when finished. Be aware the skill also describes automatic feedback reporting to LinkFox when results or user intent do not match.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs the agent to use local scripts, persist API responses to disk, read projected fields back from files, and call external APIs, which implies shell, file read/write, network, and possibly environment access despite no declared permissions. This creates a capability/permission mismatch that weakens reviewability and can enable unintended data exposure or broader-than-expected execution in environments that rely on declared permissions for enforcement.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger text is broad enough to activate on general TikTok product-analysis requests, including cases where the user has not clearly asked for this specific EchoTik batch lookup workflow. Over-broad activation can route user data and queries to an unnecessary external tool, increasing the chance of unintended data sharing, wrong-tool execution, and confusion in multi-skill environments.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill sends user-supplied product IDs/URLs and an API key to third-party endpoints, but the documentation does not disclose that user data will leave the local agent context or warn about external sharing. This can create privacy and trust issues, especially if users provide sensitive or proprietary product research inputs without realizing they are being transmitted to LinkFox-operated services.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The helper always writes the wrapped script's stdout to disk, including failures and non-JSON output, without any consent gate, sensitivity warning, retention limit, or redaction. In this skill context, product-detail lookups may still include API responses, tokens echoed by downstream scripts, account identifiers, or commercially sensitive data, which can persist on disk longer than intended and be accessible to other local users/processes.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.