Back to skill

Security audit

Etsy类目搜索

Security checks across malware telemetry and agentic risk

Overview

This Etsy category lookup skill is not clearly dangerous, but it sends API-key-authenticated queries to a remote LinkFox service and stores full responses locally despite describing the lookup as local.

Review before installing. Use this only if you are comfortable sending Etsy category search terms and LinkFox authorization headers to LinkFox’s gateway. Avoid setting LINKFOX_TOOL_GATEWAY unless you fully trust the destination, and expect full responses to be written under local linkfox directories unless you run with cache/storage controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tainted flow: 'req' from os.environ.get (line 70, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST",
    )
    try:
        with urlopen(req, timeout=120) as response:
            return json.loads(response.read().decode("utf-8"))
    except HTTPError as e:
        body = e.read().decode("utf-8") if e.fp else ""
Confidence
94% confidence
Finding
with urlopen(req, timeout=120) as response:

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as a category lookup utility, but by default it persists full API responses plus session-linked metadata to local storage. That broadens data exposure beyond user expectations and can leak potentially sensitive query contents, account-linked metadata, or returned business data into project, home, or temporary directories.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The metadata says the skill should search a local synced category database, but the implementation always performs a remote request to the LinkFox gateway. This mismatch can cause unintentional data disclosure to a remote service when users or orchestrators believe processing is local-only, making the context more dangerous because the declared behavior understates network exposure.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger text is broad enough to activate whenever a user mentions Etsy categories or even when the system infers that a local category lookup might help, including cases where the tool name is not mentioned. Overly broad activation can cause unintended tool use, data flow to external components, or user-confusing behavior that bypasses clearer intent confirmation.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill content is written to operate in Chinese without indicating language adaptation based on the user's preferences. This can cause misleading or inaccessible outputs and may override the user's chosen language, reducing transparency and increasing the chance of incorrect tool usage or misunderstood results.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.