Back to skill

Security audit

ecommerce-market-analyzer-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed e-commerce scraping workflow, but it includes anti-bot evasion guidance and broad auto-activation language that should be reviewed before installation.

Install only if you are comfortable with a local Playwright scraper that visits third-party sites, clicks consent/pop-up controls, and saves screenshots plus raw HTML to disk. Use explicit site lists, avoid authenticated or personal pages, review target-site terms, and do not use the anti-bot evasion or proxy-rotation advice without proper authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The troubleshooting guidance explicitly recommends browser fingerprinting evasion and proxy rotation to get around anti-bot defenses. That materially increases the skill's capability from ordinary scraping to stealth-oriented access, enabling users to bypass site protections in ways that may violate terms, trigger abuse, or facilitate unauthorized data collection at scale.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document presents the workflow as ethical and respectful while also advising stealth techniques to avoid anti-bot controls. This contradiction lowers operator caution and normalizes behavior that can cross compliance or legal boundaries, making misuse more likely in practice.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example invocation phrases are broad enough to overlap with normal user requests about market research, which can cause the skill to activate unexpectedly. In this skill's context, unintended activation is more concerning because activation can trigger web scraping, popup handling, screenshot capture, HTML collection, and file creation against external sites without an explicit just-in-time warning.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The listed auto-activation triggers are ambiguous and insufficiently constrained, increasing the chance that ordinary requests are interpreted as permission to run the skill. Because this skill performs automated browsing and data collection across third-party websites, accidental activation can lead to unintended network activity, local artifact generation, and possible policy or terms-of-service issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes a workflow that runs a crawler and produces screenshots and HTML files, but it does not give a clear invocation-time warning about network access, data collection, and local file writes. That omission is dangerous because users may think they are requesting analysis only, while the skill may actually contact multiple sites and persist collected content to disk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages saving full-page screenshots and raw HTML from multiple sites without clearly addressing retention, sensitive content capture, or local handling requirements. Screenshots and HTML can contain personal data, identifiers, account-state information, or embedded tokens, so silent local storage creates unnecessary privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill recommends fingerprinting evasion and proxy rotation but does not warn about compliance, target-system impact, or user/account risk. Providing stealth tactics without guardrails materially raises the likelihood of abusive scraping, account blocking, legal issues, and broader misuse against protected services.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are very broad and overlap with normal research or analysis requests, which can cause the skill to activate unexpectedly for users who did not intend to initiate automated scraping. In this skill's context, unexpected activation is more dangerous because the workflow includes browsing external sites, collecting HTML, taking screenshots, and producing local artifacts, increasing the chance of unanticipated data collection or side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The summary advertises automated scraping, screenshot capture, HTML collection, and report generation, but does not clearly warn users that the skill will collect website data and create local files. That omission can lead to users unknowingly triggering persistent artifact creation or collecting sensitive page content, especially if the scraped pages contain personalized, regional, or account-influenced information.

Ssd 2

Medium
Confidence
97% confidence
Finding
The troubleshooting section contains stealth-oriented guidance framed as normal operational help, specifically for overcoming detection and blocking. In context, that converts a market-research scraper into a tool that can be adapted for covert scraping against sites actively attempting to deny automation, which materially increases abuse potential.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.