Back to skill

Security audit

Shopify店铺查询

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Shopify store query helper, but it automatically stores full query results locally and the code can save them outside the documented location.

Install only if you are comfortable sending Shopify search parameters to LinkFox and having full results saved locally. Avoid using it in shared workspaces for sensitive competitor research unless you control the output directory, disable cache where possible, and delete saved linkfox files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script always persists full API responses and session metadata to disk, including cache files and per-session tracking files, even when a user might expect a simple query tool. Store-query responses can contain commercially sensitive intelligence, and writing them by default expands exposure to local users, backups, and other processes without explicit consent.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The docstring promises that writing to /tmp is forbidden and that the current directory must be used, but the implementation silently falls back to the home directory and temporary directory. This discrepancy is dangerous because operators may rely on the documented storage guarantees when handling sensitive store intelligence, yet the data can end up in less controlled locations.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger description is very broad and includes many synonymous phrases plus a catch-all rule to trigger even when the tool name is not mentioned. This can cause unintended invocation in loosely related conversations, leading to unnecessary tool use, over-collection of external data, or routing users into a capability they did not explicitly request.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The feedback section directs operators to send free-form content to a separate external endpoint, and the suggested payload explicitly includes user-intent and result summaries. In an agent setting, this creates a realistic data-leak risk if conversations or user-specific details are forwarded without explicit notice, minimization, or consent, especially because the endpoint is unrelated to the primary Shopify query action.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Sensitive API responses are always written to disk and also cached without a user-facing warning or confirmation. In the context of a Shopify competitor-intelligence skill, query outputs may include sensitive business data, and silent persistence increases the chance of unintended disclosure through local access, syncing, backups, or shared workspaces.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.