Back to skill

Security audit

Shopping Expert

Security checks across malware telemetry and agentic risk

Overview

This shopping helper looks legitimate, but it sends search terms and any local-search location you provide to third-party shopping and maps APIs.

Install only if you are comfortable using your own SerpAPI and Google Places API keys and sending shopping queries, preferences, country codes, and any local-search location you provide to those services. Use online mode when you do not want to share location details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires environment variables for API keys and performs outbound network access, but the skill file does not declare permissions explicitly. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke a networked, secret-consuming skill without clear permission signaling, increasing the chance of unintended data exposure or overbroad execution.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation description is broad enough to match many ordinary shopping or product-related requests, which can cause the skill to run in situations where the user did not intend third-party shopping lookups. Because this skill can send queries and possibly location data to external APIs, over-triggering increases privacy and consent risks rather than being a purely UX issue.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that Google Places and SerpAPI keys are used, but it does not clearly warn users that local and hybrid searches transmit their product query and location to third-party services. In a shopping skill, location is especially sensitive because it can reveal where a user lives, works, or shops, so the lack of explicit disclosure undermines informed consent.

Missing User Warnings

Medium
Confidence
73% confidence
Finding
When local or hybrid search is used, the script sends user-supplied location text and derived coordinates to Google Places without any explicit privacy notice or consent flow. In an agent skill context, users may not realize their location data is being transmitted to an external provider, creating a privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.