TACE

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TACE commerce API skill, but it enables wallet-backed purchases and account/order changes without clear per-action confirmation safeguards.

Install only if you intend to let an agent interact with TACE commerce APIs. Require explicit approval before wallet signing, registration, order placement, cancellation, payment-status changes, agent deactivation, feedback submission, or webhook/subscription setup, and do not provide private keys or seed phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill exposes destructive operations such as agent deactivation and order cancellation but does not require or recommend explicit user confirmation, dry-run review, or safety interstitials before execution. In an agentic setting, omission of confirmation guidance increases the risk of unintended irreversible actions caused by prompt injection, task ambiguity, or user misunderstanding.

Missing User Warnings

Medium
Confidence: 90%
Finding
The contract includes transmission of personal profile data, wallet identifiers, address information, age band, and callback URLs, but provides no concrete consent, minimization-by-endpoint, retention, or destination validation guidance. In an agent skill, this can lead to overcollection of user data or unsafe webhook registration, especially when an autonomous agent assembles requests from loosely specified user tasks.

VirusTotal

66/66 vendors flagged this skill as clean.
