Back to skill

Security audit

Shopify Product Images Downloader

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but WebP mode can automatically run npm install commands and modify the skill directory without clear upfront disclosure.

Review this skill before installing if you plan to use WebP conversion. Normal image download mode is narrowly scoped, but WebP mode may run npm and install sharp into the skill directory, which can create package files and execute dependency install scripts. Use it only in an environment where that local package installation is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill is described as downloading product images, with optional WebP conversion, but this implementation goes further by invoking child_process and running npm commands to initialize a package and install dependencies at runtime. Spawning subprocesses and modifying the local package environment is a materially broader capability than straightforward downloading/conversion and is not justified by the manifest description.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest frames the skill as a downloader for Shopify product images with optional conversion and renaming. In practice, when WebP mode is enabled, the code writes local project metadata and node_modules content by running npm init and npm install, which is behavior beyond the stated downloader scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This code automatically installs the `sharp` package by invoking `npm init -y` and `npm install sharp` via subprocess when `--webp` is enabled. Although the script warns before downloading files, it does not explicitly disclose beforehand that enabling WebP conversion may execute package-management commands and modify the local project directory.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/shopify-image-downloader.mjs:487