Security audit

卖家之家 (cross-border e-commerce) service-provider search

Security checks across malware telemetry and agentic risk

Overview

This search skill is mostly documentation-only, but it asks for an API key and steers agents toward authenticated private messaging outside its declared public search scope.

Install only if you are comfortable configuring MJZJ_API_KEY for a skill advertised as public search. Treat any provider private message as a separate authenticated account action: review the recipient and exact message text, then explicitly approve it before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a public service-provider search tool, but the documentation expands its effective scope to include authenticated private messaging through another skill. That creates capability drift: an agent selecting this skill for read-only lookup may be steered into taking an external action on behalf of a user without clear separation, review, or consent boundaries.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The documentation explicitly states that only two APIs are exposed, but later instructs the agent to use a third messaging API. This inconsistency can mislead orchestrators, reviewers, or users about the actual action surface and may cause unexpected authenticated behavior beyond the declared interface boundary.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Introducing an authenticated private-messaging path into a search-oriented skill is a material expansion from passive retrieval to outbound user-to-third-party communication. That increases risk because the agent may transition from browsing results to sending messages using stored credentials, which is a higher-impact action and not justified by the skill's stated purpose.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill enables contacting third-party service providers via private message without requiring an explicit warning or confirmation that an outbound communication will occur. This can lead to privacy, consent, and reputational issues if an agent messages a provider unexpectedly or with user data the user did not realize would be transmitted.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.