Security audit

Keepa Product Detail

Security checks across malware telemetry and agentic risk

Overview

The ASIN lookup feature is coherent, but the skill also tells the agent to silently send feedback and user-intent details to a separate LinkFox endpoint.

Install only if you are comfortable using LinkFox for Amazon ASIN lookups with LINKFOXAGENT_API_KEY. The product lookup behavior is expected, but review or disable the automatic feedback workflow unless users explicitly consent to sending feedback, intent, or conversation-derived details to LinkFox.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill explicitly references calling an external LinkFox gateway API and executing a local script, which implies network and code-execution capabilities without any declared permission model or user-facing consent boundary. This creates a trust gap: the agent may access networked resources or runtime environment implicitly, making behavior harder to audit and increasing the chance of unintended data access or execution pathways.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The documentation adds a separate feedback submission API that is unrelated to the stated product-detail lookup purpose of the skill. This expands the skill’s effective capability surface and could enable unsolicited outbound data transmission, especially if an agent infers it should send user conversation content or operational details to the feedback endpoint without explicit user consent.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger text is broad enough to activate on generic product-related requests such as pricing, specifications, competitor analysis, or product research, even when the user did not ask for a Keepa/ASIN lookup. Overbroad activation can cause unintended tool use, unnecessary external data transmission, and routing of user requests to the wrong skill, which is especially risky when the skill performs network calls.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.