Security audit

API Merchant Fee

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate merchant-fee lookup skill, but it automatically stores and reuses merchant API credentials locally in plaintext.

Review before installing. Use it only if you are comfortable with merchant API credentials being saved under scripts/.auth.json for reuse. Prefer per-session credentials or a secure secret store, confirm the API endpoint, restrict file permissions, and delete or rotate the stored API key on shared or synced machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes file read, file write, and network behavior but does not declare any permissions or boundaries for those capabilities. This weakens transparency and reviewability, making it harder to assess what data may be persisted or transmitted, especially since the skill handles API credentials and merchant data.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script stores reusable API credentials, including the API key, in a local .auth.json file on disk even though the skill is described as a query tool. Persisting secrets expands the attack surface: other local users, malware, backups, or accidental file disclosure can recover credentials and reuse them to access the merchant-fee API.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The main flow silently saves authentication material after execution regardless of success or failure, which is behavior outside the stated query-only scope. This creates a hidden persistence mechanism for secrets and increases the chance of credential leakage or unintended reuse across sessions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs that agentNo and apikey are automatically saved to a local file for reuse, but gives no warning that these are sensitive credentials or that they will persist across sessions. Users may unknowingly expose reusable API secrets to other local processes, future tasks, or operators with filesystem access.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script saves API credentials locally without any user-facing warning, confirmation, or disclosure. Hidden storage of secrets is risky because users may not realize credentials remain on disk and can be accessed later by other processes, users, or compromise of the host.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly directs persistent local storage and later reuse of user-supplied API credentials. Persisting reusable secrets in a local file creates a clear credential exposure path and increases blast radius if the host, workspace, logs, backups, or neighboring tasks can access that file.

Ssd 3

Medium
Confidence
97% confidence
Finding
The workflow tells the agent to read previously saved credentials from local storage and use them for later queries. In a multi-user or multi-task environment, this can cause cross-user credential reuse, unauthorized API calls, and accidental disclosure of one agent's secrets and merchant data to another request context.

VirusTotal

67/67 vendors flagged this skill as clean.