Ecom Monitor - 电商数据分析助手

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only e-commerce monitoring skill with disclosed alerting and scheduled-monitoring steps, but users should inspect any missing scripts before running them.

Install this as guidance only. Do not run the referenced requirements file, Python scripts, alert test, or cron installer unless those files come from a trusted source and you have reviewed what they install, what notifications they send, and how to disable the scheduled task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documentation instructs users to run alerting and cron setup commands that can send notifications and modify scheduled tasks, but it does not clearly warn about these side effects or require explicit confirmation. In an agent-skill context, that increases the chance of unintended outbound messaging or persistence-like behavior being triggered by a user or automation without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal