pangolinfo-amazon-listing-optimization

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Amazon listing optimization workflow that uses Pangolinfo's hosted MCP service and does not contain local code or hidden install behavior.

Install this only if you intend to use Pangolinfo's hosted MCP service. Treat ASINs, product strategy, listing drafts, and search prompts as data sent to that service; keep the API key out of chat, review Pangolinfo's terms/privacy posture, and avoid submitting secrets or unnecessary personal data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs users to connect to a hosted third-party MCP endpoint and transmit Amazon/product research queries through it, while prominently discussing API-key setup and credits but not giving a clear user-facing disclosure about what data is sent, who operates the service, retention/logging expectations, or privacy implications. This can cause users to unknowingly route potentially sensitive business inputs, ASIN strategy data, and prompts to an external service, increasing confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal