Agent Commerce Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate commerce skill, but its credential handling has enough concrete weaknesses that users should review it before installing.

Install only if you are comfortable letting an agent manage carts, profile details, and unpaid order creation for trusted stores. Use only known HTTPS store URLs, avoid plain HTTP except for exactly specified local development hosts, review registration output for token leakage, and confirm cart, profile, and order changes before they are executed.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium severity, 95% confidence

The spec instructs clients to send `x-user-password` as an HTTP header during authentication. Secrets placed in custom headers are commonly captured by reverse proxies, access logs, APM tooling, debugging middleware, and error traces, increasing the chance of credential disclosure beyond the application boundary. In an agentic commerce context, this is especially risky because multiple intermediaries may handle requests and telemetry.

Missing User Warnings

Medium severity, 89% confidence

The client stores account identifiers and API tokens in plaintext JSON on disk. Even though the file is chmod'd to 0600, tokens remain recoverable by local malware, backups, or other processes running as the same user, which can enable account takeover against the commerce backend.

VirusTotal

64/64 vendors flagged this skill as clean.