Back to skill

Security audit

Shopee Store Add On Deal

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it can change live Shopee promotions and stores full API results locally with broader write locations than its documentation promises.

Install only if you are comfortable letting the skill call LinkFox/Shopee APIs that can create, update, delete, or end live Add-On Deal promotions. Before use, require explicit user confirmation for delete/end/update calls, keep API keys out of logs, and check/delete the saved response files under linkfox session folders, including possible home or temp fallbacks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares operational behavior that uses environment variables, writes files to the working directory, invokes Python scripts, and proxies network requests, yet no explicit permissions are declared. This creates a capability-transparency gap: users and the host agent may not realize the skill can access tokens, persist API responses locally, and perform external actions, increasing the risk of unintended data exposure or unsafe execution.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This module persists full API responses to local disk even though the skill is described as an API-forwarding helper for Shopee Add-On Deal management. Full responses can contain shop identifiers, campaign details, tokens, or other sensitive business data, creating unnecessary local data retention and expanding exposure beyond the intended operational scope.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code probes and writes across several filesystem locations to establish a writable root, including workspace, home, and temp directories. For a skill whose stated purpose is forwarding Shopee API requests, this broad local-write behavior is unnecessary and increases the risk of unauthorized data placement, leakage into shared directories, or persistence in less controlled locations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger condition is intentionally broadened so the skill should activate even when the user does not explicitly mention 'Add-On Deal,' as long as the request loosely relates to authorized Shopee store activity management. Over-broad routing can cause the wrong skill to run, leading to unintended promotional changes, unnecessary external API calls, or use of stored credentials in contexts where the user did not clearly request this functionality.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document enumerates multiple state-changing promotion-management endpoints, including delete and end operations, but provides no caution that these calls can terminate or remove live store promotions. In an agent skill context, this increases the chance of unsafe invocation from ambiguous user prompts or operator misunderstanding, leading to unintended business-impacting changes in an authorized shop.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The curl example shows live transmission of Authorization material and an accessToken to a network endpoint without any security note about secret handling, redaction, storage, or avoiding logs. In an agent ecosystem, examples often get copied directly into tooling, chats, or debug traces, which can expose reusable credentials and enable unauthorized API access to a seller's Shopee store.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Writing full API responses to disk without clear user-facing disclosure creates silent collection and retention of potentially sensitive operational data. In the context of a Shopee store-management skill, this may include business metadata and account-linked information that users would not reasonably expect to be stored locally.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.