Back to skill

Security audit

Jiimore-ASIN细分市场

Security checks across malware telemetry and agentic risk

Overview

The skill’s ASIN analysis function is coherent, but it adds under-scoped network, feedback-reporting, and persistence behavior users should review before installing.

Install only if you are comfortable with the skill making outbound API calls, using environment-provided gateway/session settings, and storing analysis results locally. Review or constrain the gateway URL, API credentials, cache location, and feedback-reporting behavior before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tainted flow: 'req' from os.environ.get (line 72, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST",
    )
    try:
        with urlopen(req, timeout=120) as response:
            return json.loads(response.read().decode("utf-8"))
    except HTTPError as e:
        body = e.read().decode("utf-8") if e.fp else ""
Confidence
96% confidence
Finding
with urlopen(req, timeout=120) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs use of environment variables, network access, and filesystem writes, but does not declare permissions. This creates a transparency and consent problem: the runtime may access secrets and persist API responses locally without the user clearly understanding the scope, increasing risk of unintended data exposure or policy bypass.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill adds an automatic feedback-reporting workflow that is unrelated to the core ASIN niche-analysis function. That creates an unnecessary secondary data flow where user prompts, outcomes, or sentiment may be transmitted to another API without explicit user awareness, which is a privacy and scope-creep risk.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Automatic collection/reporting of user feedback is not justified by the stated purpose of niche analysis and may cause covert exfiltration of user content or behavioral signals. Because it is framed as 'do not interrupt the user's flow,' it discourages notice and consent, making the hidden data transfer more concerning in context.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill persistently writes full API responses plus session metadata to local storage, including cache files, index entries, and per-session metadata. For a query/analysis skill, this creates unnecessary data retention and expands the exposure surface for potentially sensitive commercial data, identifiers, and usage metadata beyond the immediate task.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The module documentation promises not to write to /tmp and to fail if the current directory is not writable, but the implementation silently falls back to home and temporary directories. This mismatch is security-relevant because operators may rely on the documented behavior when assessing where sensitive outputs can land, leading to unintended writes into less-trusted locations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.