Security audit

Shopee Store Shop Flash Sale

Security checks across malware telemetry and agentic risk

Overview

This Shopee flash-sale skill is mostly purpose-aligned, but it should be reviewed because it can change store promotions and persist full business API responses in broader local locations than the documentation states.

Install only if you are comfortable giving the skill access to a LinkFox API key and authorized Shopee store operations, including create/update/delete flash-sale actions. Use it in a private workspace, avoid --inline unless needed, review saved files under linkfox/, and delete retained API responses when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes capabilities including environment-variable access, shell execution, network calls, and persistent file writes, but does not declare permissions or otherwise constrain those behaviors. This creates a transparency and governance gap: an agent may invoke a skill with broader operational access than users or policy controls expect, increasing the chance of unintended data access, command execution, or exfiltration through the proxy workflow.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The helper persistently writes full API responses to local disk, including responses from store token resolution and developer proxy calls. In this skill context, those responses may contain shop identifiers, operational data, and potentially sensitive tokens or API-returned business data, creating unnecessary at-rest exposure beyond the stated Flash Sale management purpose.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This code builds a local session archive, metadata files, and an index of skill activity unrelated to the core task of forwarding Shopee Flash Sale API requests. Such secondary data collection increases the attack surface and creates a persistent record of sessions and outputs that could be mined by other local processes or users.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger criteria are intentionally broad, including cases where the user does not explicitly mention flash sales as long as the request is related to authorized Shopee store promotion management. Overbroad activation can cause the wrong skill to run, leading to unintended API operations, unnecessary token consumption, or disclosure/storage of shop data in contexts where the user did not clearly request this functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that complete API responses are always written to a persistent path under the working directory, but it does not require a clear upfront warning or user consent for storage of potentially sensitive shop, campaign, or item data. Persistent storage increases the risk of later unauthorized access, accidental commits, retention beyond need, and cross-session exposure if project directories are shared or backed up.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill writes response data to disk without a clear user-facing warning or consent mechanism. Even if intended for convenience or debugging, silent persistence of API outputs is dangerous because users may not expect local storage of potentially sensitive commerce/account data.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow instructs the agent to always persist full API responses and, for smaller responses or when --inline is used, print full JSON to stdout. This can expose sensitive shop operational data, item details, identifiers, and possibly authentication-adjacent metadata through logs, transcripts, terminal history, or downstream tooling that captures stdout, making the data easier to leak than if it remained only in the API channel.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.