Back to skill

Security audit

BrickLink

Security checks across malware telemetry and agentic risk

Overview

This BrickLink CLI appears purpose-built, but it can change a live store account and persist customer order data locally without enough safeguards.

Install only if you intend to let this skill use BrickLink OAuth credentials with store read/write authority. Treat every mutating command as a live account action, double-check order and inventory IDs, and avoid generating order detail or invoice HTML on shared machines unless you choose a private output path and clean up the files afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill includes HTML rendering/export functionality that writes detailed order and invoice data to local files and, when enabled, fetches external image content from a separate host. In an agent-skill setting, this increases the data-handling and network surface beyond a simple API helper, creating additional privacy and exfiltration risk if invoked unexpectedly or on sensitive orders.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill exposes multiple state-changing operations—order updates, payment status changes, feedback posting, inventory creation/update/deletion, and outbound emails—without prominent warnings that these commands modify live BrickLink account data. In an agentic context, this can lead to unintended transactional changes, inventory corruption, customer-facing actions, or data loss if invoked automatically or by mistake.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The order-detail HTML export persists buyer personal data such as name, address, email, and phone number to disk without any explicit warning, consent prompt, or minimization. In an agent environment, silent creation of local files containing PII can lead to unintended retention, disclosure through shared workspaces, or later collection by other tools.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The invoice export similarly writes customer-identifying information to a local HTML file with no visible disclosure or retention controls. Because invoices are likely to include address, contact details, and order information, accidental local persistence materially increases privacy risk in shared or automated environments.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
_add_inventory_common_args(p, include_item=False)
    p.set_defaults(func=cmd_update_inventory)

    p = sub.add_parser("delete-inventory", help="DELETE /inventories/{inventory_id}")
    p.add_argument("inventory_id", type=int)
    p.set_defaults(func=cmd_delete_inventory)
Confidence
89% confidence
Finding
DELETE /inventories/{inventory_id}

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.