Price Monitor & Daily Excel Report Bot

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed price-monitoring automation that scrapes configured product URLs, stores reports locally, and emails them using user-provided SMTP settings.

Install only if you want scheduled scraping and automatic email reports. Use a dedicated SMTP account or app password, verify the recipient and monitored URLs, and consider adding retention limits, recipient allowlisting, and confirmation before first email send.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad, natural-language requests such as 'email me a report every morning' and 'add this product URL,' which can overlap with ordinary conversation. In an agent environment, ambiguous invocation increases the risk of accidental activation that could start web scraping, modify monitored targets, read configured files, or send email using stored credentials without the user intentionally invoking the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal