Back to skill

Security audit

Creem Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Creem store operations, but it gives an agent recurring live billing access and automatic account-changing authority without enough user control.

Install only if you are comfortable giving this skill live Creem billing access and recurring automation. Use a narrowly scoped API key if Creem supports it, review Discord/webhook destinations, and require human approval outside the skill before creating discounts, sending customer-facing recovery links, or changing pricing-related store state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description is broad enough that the skill may be invoked for a wide range of natural-language requests about revenue, subscribers, payments, or store health, even when the user did not intend to trigger a high-privilege operational agent. Because this skill can authenticate with a production API and take actions like generating billing links or creating discounts, unintended invocation increases the chance of unauthorized or surprising actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions require use of a live API key and execution of authenticated commands against an external payment platform without any user-facing warning or confirmation boundary. This creates a significant risk that sensitive billing data will be accessed or operational actions will be taken automatically in response to routine prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs outbound HTTP requests to external domains and instructs generation of customer billing portal links without warning that customer identifiers and store context may be transmitted or exposed. In a payment operations context, even seemingly routine link generation can leak sensitive billing access URLs or propagate customer data to third-party endpoints.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill is explicitly authorized to create discounts via authenticated API calls, which changes store state and can directly affect revenue, customer entitlements, and abuse exposure, yet there is no warning or approval step. Autonomous financial incentives in response to churn signals are especially risky because accidental or malicious triggering can cause unauthorized discounts at scale.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script fetches customer, transaction, and subscription data and writes subscription identifiers and statuses to a predictable file under ~/.creem without setting restrictive permissions or minimizing stored data. On multi-user systems or environments with weak home-directory protections, this can expose business-sensitive customer and churn information, and the autonomous monitoring context increases the amount of data collected over time.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This instruction explicitly directs the agent to take an external account-affecting action by generating churn discount codes automatically, without confirming user intent or authorization. In a SaaS operations skill with tool access to a live Creem store, this can cause unauthorized pricing changes, financial loss, and abuse through prompt injection or ambiguous user requests.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.