Back to skill

Security audit

Shopify商品查询

Security checks across malware telemetry and agentic risk

Overview

This Shopify product-query skill does its stated job, but it stores full API results locally in ways that are broader and less clearly disclosed than its own documentation says.

Review before installing if your Shopify product research or API results are sensitive. Expect queries and the API key to be sent to LinkFox's gateway, and expect full responses to be saved locally and cached by default. Avoid using the optional feedback API for confidential details, and check or clean the linkfox output/cache directories after use on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is described as a query/filter tool, but it persistently stores full API responses and caches them locally, which expands data retention beyond user expectations. If responses contain commercially sensitive product intelligence, identifiers, or account-scoped data, this creates unnecessary local exposure and forensic residue.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation explicitly says writing to /tmp is forbidden and implies outputs stay under the current directory, but the implementation falls back to home and temporary directories. This mismatch can silently place potentially sensitive API responses in broader or less controlled locations, increasing accidental disclosure risk on shared systems.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The comment claims small responses are printed directly without being saved, but the code always writes the full response to disk first. This is a security-relevant discrepancy because operators may assume ephemeral handling while the skill actually creates persistent local copies of all returned data.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The output-path docstring states data is written under <cwd>/linkfox, but runtime logic may redirect writes to ACPX_WORKSPACES, the user's home directory, or /tmp. This can break containment assumptions and cause sensitive data to be stored in places not monitored or intended by the user.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger text is extremely broad: it says the skill should activate not only for explicit tool mentions but for general Shopify product search, sales, competition, and product-selection intent. This can cause unintended invocation on loosely related user requests, leading to over-collection of user input, unnecessary tool use, and incorrect routing away from safer or more appropriate skills.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill metadata and content are written entirely in Chinese and do not indicate that the user can choose another language. While not a classic security flaw, forcing a locale can mislead users, cause incorrect interpretation of results, and increase the chance of unintended tool actions if the user cannot accurately understand prompts or outputs.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The Feedback API example encourages sending free-form content that may include summaries of user intent and results, but it provides no warning to exclude sensitive, personal, or confidential data. This can lead integrators to transmit user-derived content to a separate external endpoint without data-minimization or privacy review, creating unnecessary privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.