a2a supermarket

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed marketplace helper that can query or publish products to a user-specified market endpoint, with normal commerce-integration cautions.

Install only if you intend to use a Node-based marketplace CLI. Use trusted domains, prefer HTTPS, review the endpoint returned by UCP discovery if possible, and treat seller mode as a real publish action. Review any separate OAuth, Stripe, ledger, order-state, or websocket skills before relying on the broader end-to-end commerce flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill advertises executable CLI flows that connect to a market domain and route to multiple networked submodules, but the manifest does not declare any permissions. Hidden or undeclared network capability undermines trust boundaries, prevents accurate policy review, and can enable outbound communication to arbitrary services without informed approval. In an orchestration skill for commerce, this is more dangerous because it handles discovery, ordering, payments, and event propagation across multiple components.

VirusTotal

66/66 vendors flagged this skill as clean.
