Competitor Price Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward competitor price-monitoring guide, with expected web scraping, stored baselines, scheduled checks, and alerts disclosed at a high level.

Install only if you intend to monitor approved competitor pages. Configure specific URLs, reasonable check frequency, retention for stored snapshots, and trusted email or Telegram recipients; avoid storing unnecessary page content or sending internal pricing strategy to unapproved channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly describes web scraping, storing baseline snapshots, and sending alerts, but provides no notice about what data may be collected, how long it is retained, or where outbound notifications are sent. Even if the targets are competitor sites rather than end users, this creates a transparency and governance gap that can lead to unauthorized data collection, retention of sensitive page contents, or unintended disclosure through email/Telegram alerts.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal