Back to skill

Security audit

Agent Commerce Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed e-commerce client that stores tokens locally and talks to user-selected store APIs, with no artifact evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable letting an agent manage shopping carts, profile details, order creation, and locally stored store tokens. Prefer trusted HTTPS store URLs, avoid giving passwords unless you intend to log in or register, use logout when finished, and review compatible store backends before sending personal shipping or account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises no explicit permissions, yet the documentation clearly describes capabilities requiring shell execution, network access, environment-variable use, and local credential file reads/writes. This creates a transparency and consent gap: an agent or platform may authorize a broader set of actions than the user expects, including persistent storage of tokens and outbound requests to arbitrary commerce backends.

Tp4

High
Category
MCP Tool Poisoning
Confidence
76% confidence
Finding
The stated purpose emphasizes discovery, cart operations, and secure user management, but the documented behavior also covers order creation/history, promotions, brand/company/contact retrieval, and local enumeration/migration of stored credentials across stores. This mismatch can hide materially broader data access and persistence behavior from reviewers and users, increasing the chance of over-privileged deployment or unexpected handling of personal and account data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The specification explicitly defines transmission of sensitive identifiers and credentials in custom headers, including `x-user-password`, but provides no accompanying requirements for transport security, redaction, storage limits, logging controls, or token lifecycle protections. In an agentic commerce context, these values are likely to traverse multiple components and logs, increasing the chance of credential exposure or account compromise if implementers copy the example verbatim.

Session Persistence

Medium
Category
Rogue Agent
Content
# Standard Agentic Commerce Engine

The **Standard Agentic Commerce Engine** is a standard client and protocol guide for connecting agents to compatible e-commerce backends. It gives agents a consistent way to search products, manage carts, access account data, create orders, and hand payment back to the user.

GitHub Repository: https://github.com/NowLoadY/agent-commerce-engine
Confidence
88% confidence
Finding
create orders, and hand payment back to the user. GitHub Repository: https://github.com/NowLoadY/agent-commerce-engine ## Quick Start: Backend Integration The `agent-commerce-engine` includes a ser

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.