Security audit

Shopee Store First Mile

Security checks across malware telemetry and agentic risk

Overview

This Shopee logistics skill appears purpose-built, but it always stores full authenticated API responses in plaintext local files, including potentially sensitive order and shipment data.

Review this before installing if you use Shopee store data in shared workspaces. Expect authenticated API calls that can change logistics state, and expect full responses to be saved locally in plaintext. Install only if that local retention model is acceptable, and avoid using it in projects where saved order, waybill, or shipment data could be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill describes operational capabilities that include reading environment variables, writing files, invoking shell commands, and making network requests, but it does not declare permissions or otherwise constrain those actions. In a skill that handles Shopee store authorization and API access, this mismatch reduces transparency and increases the chance of over-privileged execution, making it harder for reviewers and users to assess data exposure and abuse paths.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
`emit_result()` serializes and writes full API responses to local disk under predictable session directories, even though this skill is described as a proxy for Shopee FirstMile APIs rather than a data-retention component. FirstMile/store-token related responses can contain order, shipment, and other sensitive business data, so indiscriminate persistence materially increases exposure through local compromise, shared workspace access, backups, or later unintended reuse.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs that full API responses must always be written to local session-organized files, which can retain order, shipping, store, or token-adjacent metadata longer than needed for the user task. Because this is a logistics skill interacting with authenticated Shopee APIs, the stored JSON may contain sensitive commercial and operational data, increasing exposure through local compromise, accidental inclusion in project files, or later reuse outside the original purpose.

Ssd 3

Medium
Confidence
98% confidence
Finding
The session logging layer persists full API responses and metadata in plaintext JSON under a writable root chosen from workspace/home/tmp locations, with no minimization or access-control logic shown. In the context of a logistics/auth-adjacent skill, these responses may include shipment details, identifiers, and potentially token-bearing proxy payloads, making retention a substantial confidentiality risk beyond the skill's stated function.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.