Back to skill

Security audit

Shopee Store Voucher

Security checks across malware telemetry and agentic risk

Overview

This Shopee voucher skill is purpose-aligned, but it needs Review because it can change store promotions and automatically saves full business API responses locally, including outside the documented project folder.

Install only if you are comfortable giving the skill LinkFox/Shopee voucher authority and having full API responses saved locally. Use it in a controlled workspace, confirm before add/update/end/delete operations, and periodically delete the generated linkfox data directory if those records should not persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises operational capabilities including environment-variable access, local file writes, network access, and shell execution, but does not declare permissions or constraints for them. That creates a transparency and governance gap: an invoking agent or reviewer may underestimate what the skill can do, increasing the risk of unintended data access, persistence, or external requests.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The helper writes full API responses to local files under a session archive, even though the skill's stated purpose is acting as a Shopee voucher proxy/manager. Those responses can contain access-related data, shop identifiers, voucher details, and other sensitive business information; persisting them creates unnecessary at-rest exposure and expands the blast radius if the host, workspace, or temp directory is accessible to other processes or users.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This code builds a generalized local session archival and indexing system (`linkfox/<date>/<session>/...`, `_meta.json`, `index.jsonl`) unrelated to the core voucher-management function. In the context of a skill that handles commercial API data, such side-channel collection increases data retention, discoverability, and cross-session correlation risk without clear necessity or disclosure.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger language is unusually broad, including cases where the user does not explicitly mention vouchers and any discussion involving authorized Shopee store voucher management should invoke the skill. Over-broad activation can cause the agent to select this skill for general conversation or ambiguous requests, leading to unnecessary API calls, use of stored credentials, and unintended modification of voucher state.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that complete API responses are always written to local files under the working directory, with no built-in user warning or minimization of potentially sensitive business data. Voucher API responses may contain shop identifiers, campaign details, timestamps, status, and other commercially sensitive metadata, which can persist on disk longer than intended and be exposed to other tools, users, or repository workflows.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Sensitive API responses are written to disk automatically with no user-facing warning, consent, or indication that local persistence is occurring. For a skill operating on authorized Shopee store voucher data, silent logging materially increases confidentiality risk because operators may assume the tool only proxies requests rather than creating durable local copies.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.