Back to skill

Security audit

Shopee Store Media Space

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Shopee media-upload purpose, but it needs Review because it forwards store credentials through LinkFox, auto-reports feedback, and persistently saves full API responses without redaction or opt-out.

Install only if you trust LinkFox to handle Shopee store tokens and media-upload data. Before use, avoid pasting real secrets into chats or logs, review the generated linkfox response files for sensitive data, delete retained artifacts when no longer needed, and be aware that the skill may send feedback telemetry to LinkFox automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly directs use of environment variables, local file writes, shell/Python script execution, and network access via a proxy, yet no declared permissions are present. This creates a transparency and policy-enforcement gap: an agent or platform may invoke capabilities the user or runtime did not explicitly approve, increasing the chance of unexpected data access, persistence, or outbound transmission.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger criteria are broad enough to activate on generic Shopee image/video upload requests even when the user did not intend this specific MediaSpace skill. Over-broad routing can cause unintended API calls, unnecessary token/cost consumption, and accidental handling or persistence of shop media data under the wrong skill context.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation explicitly instructs users to send both an API key and Shopee store access token to an external gateway proxy, but provides no warning about the sensitivity of those credentials, trust boundary implications, logging exposure, or safe handling requirements. In this skill context, the proxy is the core integration path, so the issue is not the existence of network transmission itself but the lack of security guidance around forwarding high-value credentials through a third-party gateway endpoint.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
emit_result() persistently writes full API responses to a writable linkfox session directory with no filtering, consent prompt, or classification of sensitive fields. In this skill context, MediaSpace and store-related API responses may contain uploaded media URLs, shop identifiers, request metadata, or other account data that can be exposed to other local users, future processes, backups, or logs.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to always write full API responses to session-linked files and sometimes emit full JSON to stdout. Media upload responses can contain shop identifiers, URLs, tokens, request metadata, and other sensitive operational data; persistent plaintext storage and console output materially increase exposure through logs, shared workspaces, or later prompt/context ingestion.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.