Brand Protection Shopify

Security checks across malware telemetry and agentic risk

Overview

This is a manual brand-protection helper, but it is marketed for Shopify/DTC while the scripts mostly cover Amazon workflows, so users should verify it fits their platform before using its templates.

Install only if you want Amazon-oriented brand-protection templates despite the Shopify/DTC branding. Treat all complaint, cease-and-desist, MAP, and test-buy output as drafts; verify facts, platform rules, and legal claims before sending anything to a seller, Amazon, Shopify, or another third party.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The skill metadata and documentation present this as a Shopify/DTC brand-protection tool, but the analyzed behavior reportedly includes Amazon-specific complaint workflows, MAP violation handling, test-buy guidance, and ASIN/listing/seller reporting. This mismatch is security-relevant because users may supply data, make legal/compliance decisions, or run workflows under false assumptions about scope and platform handling, increasing the risk of misuse, improper notices, or unintended actions against third parties.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal