Back to skill

Security audit

Buy Anything

Security checks across malware telemetry and agentic risk

Overview

This skill can place real online orders, but its payment, data-sharing, and saved-token behavior are disclosed and tied to its shopping purpose.

Install only if you trust Rye, BasisTheory, and the supported store checkout flow. Use a spending limit, review item and total before confirming, and avoid saving the payment token unless faster future checkout is worth the added memory risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill is designed to trigger purchase flows from very broad natural-language prompts like 'Buy this' plus a URL, which increases the risk of unintended or socially engineered activation. In a purchasing skill that collects sensitive personal data and can place real orders, ambiguous activation is especially dangerous because a mistaken trigger can lead to financial loss and disclosure of shipping/contact details.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The usage flow asks the user to provide full name, shipping address, email, phone number, and a reusable payment token, but the README does not prominently warn that this information will be transmitted to third-party services such as Rye, merchants, and BasisTheory. This can mislead users about the privacy and data-sharing implications of using the skill, increasing the chance of uninformed disclosure of sensitive personal and payment-related data.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation criterion 'Wants to buy something from an online store' is broader than the rest of the skill's scoped support for Amazon and Shopify product URLs. In an agent environment, this can cause the purchase workflow to trigger on ambiguous shopping-related requests, increasing the chance of collecting sensitive data or initiating checkout steps when the user did not clearly intend to use this skill.

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
## Spending Limit

Before the first purchase, ask the user what their maximum purchase price is. Store this in memory.
- If an order total (including any fees) exceeds the limit, warn the user and ask for confirmation
- User can say "no limit" to disable this check
Confidence
89% confidence
Finding
Store this in memory

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.