Back to skill

Security audit

Temu商品查询

Security checks across malware telemetry and agentic risk

Overview

This Temu product-query skill appears purpose-aligned and non-destructive, but it sends query context to LinkFox and saves full results locally.

Install only if you are comfortable sending Temu search/filter queries and basic session context to LinkFox. Avoid using it for confidential sourcing research unless local response files and caches under linkfox directories are acceptable, and periodically delete those files if you do not want query results retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill stores full API responses and also maintains session metadata and on-disk cache entries, which can persist potentially sensitive business data longer than users expect. In an agent/tooling context, silent local persistence increases the risk of later disclosure through other tools, workspace sharing, backups, or multi-user systems.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The documentation promises that writes to /tmp are forbidden and that failure should occur if the current directory is not writable, but the implementation falls back to home and temporary directories. This mismatch can cause data to be written to less expected or less controlled locations, undermining operator assumptions and increasing accidental exposure risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation text is very broad: it says to trigger not only on explicit tool requests but on essentially any request about searching Temu products, viewing sales, ratings, or pricing. Overbroad triggering can cause the agent to invoke the skill in situations the user did not clearly intend, increasing unnecessary data access, unexpected external queries, and tool overreach.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-supplied query parameters together with SESSION_ID, MODE_ID, and APP_NAME to a remote service without an explicit user-facing warning at runtime. In an agent skill, these identifiers may reveal workflow or tenant context beyond the product query itself, creating avoidable privacy and data-sharing risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.