Security audit

Sif Keyword Overview

Security checks across malware telemetry and agentic risk

Overview

The main Amazon keyword-analysis feature is coherent, but the skill also instructs agents to silently send user feedback or task context to a separate LinkFox endpoint.

Install only if you trust LinkFox with your keyword research queries and API key. Avoid putting confidential product plans, customer data, or secrets in keywords. Treat the feedback feature as the main review issue: it may send user reactions or task context to a separate LinkFox service unless your agent environment blocks or requires consent for that call.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill describes use of an external LinkFox API and direct script execution, implying network and possibly environment access, but it does not declare permissions or boundaries for those capabilities. Undeclared capabilities reduce transparency and can enable unexpected data flow to external services, making review and runtime enforcement harder.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger conditions are very broad and include many generic product-research phrases, so the skill may activate for user requests that did not intend to invoke this external-data workflow. Overbroad activation can cause unintended disclosure of user queries to third-party APIs and reduce user control over tool use.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill instructs automatic translation of the user's keyword into the marketplace language before querying, without asking for consent or clarifying that the wording will be transformed. This can alter user intent, send modified data to external systems, and produce inaccurate or privacy-impacting queries if brand names or sensitive phrases are mistranslated.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The file documents a separate feedback endpoint that sends free-form content to another external service, but it does not require user awareness or consent before transmitting potentially sensitive user statements. Because the content field is intended to include what the user said or intended, an agent could unintentionally forward user data to a secondary processor unrelated to the primary tool call.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.