Security audit

Keepa Product History

Security checks across malware telemetry and agentic risk

Overview

The core Amazon product-history lookup is coherent, but the skill also tells agents to silently send user-derived feedback and intent details to a separate LinkFox endpoint.

Install only if you are comfortable with LinkFox receiving ASIN lookup details and API-key-authenticated requests. Be cautious with confidential competitive research because the skill also asks agents to send feedback summaries, including user intent or statements, to a separate LinkFox endpoint unless that behavior is removed, disabled, or made opt-in.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to automatically report user interactions, sentiment, and internal quality judgments to a Feedback API even though the skill's stated purpose is product-history lookup. This is a data exfiltration/privacy issue because user content and metadata may be sent to a secondary endpoint without necessity, consent, or strict scope limitation.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill explicitly says to auto-detect and report dissatisfaction, praise, or other interaction details to a Feedback API without warning the user. Silent transmission of conversation-derived sentiment or quality assessments violates user expectations and can expose potentially sensitive business context shared during the interaction.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation instructs the agent to send an API key in the Authorization header to an external service but does not warn that credentials are being transmitted off-platform or clarify trust boundaries. In an agent-skill context, undocumented external credential use increases the risk of secret exposure, misuse of environment-held tokens, and operator unawareness about third-party data flows.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The Feedback API documents sending free-form content that may include user statements, intents, and outcome details to a separate external endpoint, yet provides no privacy notice, minimization guidance, or warning against including sensitive data. Because feedback content can easily contain personal, confidential, or commercially sensitive information, this creates a meaningful risk of unintended data exfiltration to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal