Security audit

Clickbank Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClickBank scraper that fetches public product data, writes local JSON files, and optionally includes the user’s affiliate nickname in generated links.

Install only if you are comfortable running an npm scraper that contacts CBTrends and writes output files locally. If you set CB_AFFILIATE_ID, expect that nickname to appear in console output and generated JSON hoplinks; enable cron or n8n scheduling only deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 85%
Finding:
The skill documentation indicates use of environment variables and outbound network access, but it does not declare those permissions explicitly. In an agent ecosystem, undeclared capabilities reduce transparency and can cause operators to approve a skill without understanding that it can exfiltrate environment-held secrets or make unreviewed external requests.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The documented purpose says the skill scrapes products by category for pipeline use, but the described behavior also embeds affiliate IDs in hoplinks, writes files locally, and appears limited to a narrower hardcoded source/category than claimed. This mismatch is security-relevant because reviewers may authorize the skill for read-only scraping while overlooking monetization behavior and persistent filesystem writes.

Missing User Warnings

Severity: Low
Confidence: 74%
Finding:
The skill states that it writes JSON output files locally but does not prominently warn users that running it modifies the filesystem. While this is a common and likely benign behavior for a scraper, the lack of disclosure can still surprise users, overwrite existing files, or introduce data-handling issues in automated environments.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The affiliate identifier is sourced from an environment variable and then incorporated into generated hoplinks that are written to JSON output files. In automation pipelines, those files may be shared, committed, logged, or consumed by other tools, unintentionally disclosing a credential-like business identifier and enabling misuse, impersonation, or affiliate attribution abuse.

VirusTotal

63/63 vendors flagged this skill as clean.