Security audit

icosmos.space

Security checks across malware telemetry and agentic risk

Overview

This Shopify operations skill is mostly coherent, but it handles store credentials, locally cached Shopify tokens, order data, and a real blog-publishing action without enough scoping detail in the reviewed artifact.

Review before installing. Only use this if you trust the separate icosmos-shopify CLI and the Supabase account it authenticates against. Before running setup, confirm where Shopify tokens are cached, how to delete them, what Shopify Admin API scopes they carry, and review any article carefully before using --confirm.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger keywords are broad enough that ordinary Shopify operations discussions could invoke this skill unexpectedly. Because the skill can fetch cached store domains and tokens and has a write-capable blog publish path, accidental invocation expands exposure to sensitive commerce data and unintended actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal