Security audit

Amz Hot Keywords

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward AMZ123 keyword-scraping skill that opens Chrome, sends the user’s keyword to AMZ123, and writes local CSV or JSON results.

Install this only if you want a Selenium-based scraper for AMZ123. Expect it to open Chrome, contact amz123.com with your search keyword, and create local output files; choose the output directory deliberately and consider the site’s terms or workplace network rules before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The script launches a browser to visit a third-party site and scrape data without any user-facing disclosure that outbound network access will occur. While this appears consistent with the skill's stated purpose and is not overtly malicious, undisclosed external requests can surprise users, leak search terms to the third party, and create privacy/compliance issues in environments that expect explicit notice or consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal