Security audit

Fake International Brand Detector

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can auto-run external brand searches and may produce confident brand-fraud labels from hardcoded or placeholder checks.

Install only if you are comfortable with brand names and research topics being sent to third-party search and marketplace services. Treat its authenticity verdicts as investigative leads, not proof, and manually verify any negative or high-confidence brand-fraud conclusion before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The function claims to verify Amazon seller location but returns hardcoded CN values and a failed match regardless of any real inputs. This creates fabricated evidence in the brand-classification workflow, which can systematically mislabel brands and drive false fraud decisions or reputational harm.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The trademark timeline function is presented as an analysis step but only returns placeholder text and a zero score. Because downstream logic treats this as a real verification signal, users may believe a legal/IP chronology check occurred when in fact no validation was performed.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding:
The file advertises an enhanced multi-check brand verification workflow, but nearly all verification functions are hardcoded stubs that print "skip" and return canned values. In a security or trust-evaluation context, this is dangerous because users may rely on fabricated or incomplete verification results, leading to false assurance and incorrect classification of brands.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The skill declares default automatic activation on broad keyword matches such as inquiries about brand authenticity or supplements, which can cause the skill to run without clear user intent. In an agent setting, broad auto-invocation increases the chance of unintended network access, data processing, or misleading outputs being produced in contexts where the user did not explicitly request this tool.

Natural-Language Policy Violations

Severity: Medium
Confidence: 86%
Finding:
The skill is presented entirely in Chinese and indicates automatic activation, creating a locale/language assumption without user opt-in. This can degrade user understanding, consent, and reviewability, especially if the skill executes automatically or returns judgments the user cannot readily verify.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding:
The script writes a report to /tmp automatically without prior disclosure or user-controlled path selection. In an agent or shared execution environment, silent filesystem writes can expose potentially sensitive brand queries/results to other local users or processes and may violate least-surprise expectations.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script sends brand queries to the external Tavily API without user notice, consent, or clear disclosure. In an agent skill context, undisclosed outbound transmission can leak sensitive investigative targets, client interests, or internal research activity to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.