Back to skill

Security audit

Amazon Reviews Api Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward BrowserAct integration for fetching Amazon reviews by ASIN, with expected third-party API use and no hidden persistence or destructive behavior.

Install this only if you intend to use BrowserAct for Amazon review extraction and are comfortable setting BROWSERACT_API_KEY. Confirm before running it on a product ASIN, and treat returned reviewer profile links or country data as personal or profile-related information that may have privacy or platform-policy implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares access to an environment variable and invokes a Python script that calls an external API, but it does not clearly declare or constrain those capabilities as permissions. This creates a transparency and governance gap: an agent may access secrets and perform networked data retrieval without an explicit permission boundary, making misuse or overreach harder to detect and review.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description tells the agent to proactively apply the skill for a wide range of common research, analysis, and monitoring requests, which is overly broad for a networked data-extraction tool. That increases the chance of unintended activation, causing the agent to send user queries or target product identifiers to a third-party service without clear user intent or necessity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly advertises collecting reviewer profiles and profile links for market research, but provides no privacy warning, minimization guidance, or limitation on handling personal data. Even if the information is publicly visible, aggregating profile identifiers at scale can facilitate profiling, scraping of individuals, or downstream privacy misuse beyond the user's reasonable expectations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends both user-supplied ASIN data and a bearer API token to a third-party service, but provides no meaningful user-facing disclosure about what data is being transmitted or to whom. In an agent skill context, this is risky because the skill description encourages proactive use, increasing the chance data is sent off-platform without the user's informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
# 1. Start Task
    print(f"Start Task", flush=True)
    try:
        res = requests.post(f"{API_BASE_URL}/run-task-by-template", json=payload, headers=headers).json()
    except Exception as e:
        print(f"Error: Connection to API failed - {e}", flush=True)
        return None
Confidence
93% confidence
Finding
requests.post(f"{API_BASE_URL}/run-task-by-template", json=

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.