productOptimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for BigCommerce listing optimization, but it can autonomously overwrite many live product listings using a write-capable API token, with no built-in approval checkpoint.

Install only if you are comfortable giving an agent write access to your BigCommerce catalog. Use a temporary least-privilege Products token, back up or export the catalog first, run on a small subset, review generated update JSON before pushing, and require explicit approval for each batch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95%
Finding
The skill clearly performs file reads/writes and network calls to a live BigCommerce API, yet it declares no explicit permissions. This creates a transparency and enforcement gap: users and any policy layer cannot reliably assess or constrain the skill's operational capabilities before it modifies local files or production store data.
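The gap this finding describes can be checked mechanically: infer what a skill's script actually does from its source and diff that against the permissions its manifest declares. The block below is an added example written for this page, not SkillSpector's code or the skill's own; the manifest, the script excerpt and the permission names (`fs:read`, `fs:write`, `network:read`, `network:write`) are all constructed for illustration. It recognises `requests.<verb>(...)` calls and `open(...)` modes in Python source via the `ast` module.

```python
import ast

# Constructed manifest: the skill declares no permissions, as the finding describes.
MANIFEST = {"name": "productOptimizer", "permissions": []}

# Constructed stand-in for the skill's script (not the real one): it calls a live
# API for reads and writes, and writes a local file.
SKILL_SOURCE = '''
import json, sys, requests
token = sys.argv[1]
url = "https://api.bigcommerce.com/stores/abc123/v3/catalog/products"
resp = requests.get(url, headers={"X-Auth-Token": token})
with open("products.json", "w") as f:
    json.dump(resp.json(), f)
requests.put(url + "/1", headers={"X-Auth-Token": token}, json={"name": "new"})
'''

# HTTP verbs on the requests module mapped to the permission they imply.
HTTP_VERBS = {"get": "network:read", "post": "network:write",
              "put": "network:write", "patch": "network:write",
              "delete": "network:write"}


def _is_attr_of(node, module_name):
    """True for nodes of the form <module_name>.<something>."""
    return (isinstance(node, ast.Attribute)
            and isinstance(node.value, ast.Name)
            and node.value.id == module_name)


def infer_capabilities(source):
    """Walk the AST and collect the permissions the code actually exercises."""
    caps = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        if _is_attr_of(fn, "requests") and fn.attr in HTTP_VERBS:
            caps.add(HTTP_VERBS[fn.attr])
        elif isinstance(fn, ast.Name) and fn.id == "open":
            mode = "r"  # builtin default when no mode is given
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = node.args[1].value
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = kw.value.value
            caps.add("fs:write" if any(c in str(mode) for c in "wax+") else "fs:read")
    return caps


def undeclared_capabilities(manifest, source):
    """Capabilities the code uses that the manifest does not declare (sorted)."""
    return sorted(infer_capabilities(source) - set(manifest.get("permissions", [])))


if __name__ == "__main__":
    print("undeclared:", undeclared_capabilities(MANIFEST, SKILL_SOURCE))
```

Run against the constructed excerpt, the check reports `fs:write`, `network:read` and `network:write` as undeclared, which is exactly the enforcement gap a policy layer would need closed before letting the skill touch a store. A real scanner would also follow aliased imports and helper wrappers; this one deliberately keeps to direct calls so the logic stays readable.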

Vague Triggers

Medium
Confidence
90%
Finding
The trigger phrases are broad enough to match ordinary ecommerce content requests, and the skill is designed to autonomously perform bulk live updates. That mismatch can cause accidental activation in contexts where a user intended advisory help, not immediate store-wide modification.

Missing User Warnings

High
Confidence
98%
Finding
The skill describes fetching products, generating rewritten content, and pushing updates back to the live store without an explicit warning that this modifies production data. Because it is built for autonomous bulk operation, a mistaken invocation or low-quality generated content could overwrite many listings at scale before the user realizes what is happening.

Natural-Language Policy Violations

Medium
Confidence
94%
Finding
The instruction to immediately continue to the next page and not wait for user input removes an important human checkpoint during a destructive workflow. In a live ecommerce environment, this can amplify mistakes, prompt-injection-influenced content, or bad generation quality across the entire catalog before intervention is possible.

Missing User Warnings

Medium
Confidence
95%
Finding
The script accepts the BigCommerce API token directly as a command-line argument, which can expose the secret through shell history, process listings, job logs, or orchestration telemetry. In this skill’s autonomous bulk-update context, compromise of that token could allow unauthorized reading and modification of store product data at scale.
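The overview's recommendations (temporary least-privilege token, catalog backup, small subset, reviewed update JSON, per-batch approval) together with the two findings above (no human checkpoint between pages; token on argv) describe one hardened workflow. The block below is an added example of that workflow written for this page; it is not the skill's script. The BigCommerce API is not called: `FakeProductsClient` is a constructed in-memory stand-in whose paging mirrors a paged catalog endpoint, `SAMPLE_STORE` is constructed data, and `BC_ACCESS_TOKEN` is an assumed environment variable name.

```python
import json
import os
import sys

# Constructed in-memory catalog standing in for a live store (three products, two per page).
SAMPLE_STORE = {
    1: {"id": 1, "name": "Blue Mug", "description": "a blue mug"},
    2: {"id": 2, "name": "Red Mug", "description": "a red mug"},
    3: {"id": 3, "name": "Green Mug", "description": "a green mug"},
}


class FakeProductsClient:
    """Stand-in for a Products API client (assumed interface, not a real SDK).
    list_products pages like a paged catalog endpoint; update_product counts writes."""

    def __init__(self, store, page_size=2):
        self.store = store
        self.page_size = page_size
        self.writes = 0

    def list_products(self, page):
        ids = sorted(self.store)
        start = (page - 1) * self.page_size
        return [dict(self.store[i]) for i in ids[start:start + self.page_size]]

    def update_product(self, product_id, fields):
        self.store[product_id].update(fields)
        self.writes += 1


def load_token(environ=None, argv=None, env_var="BC_ACCESS_TOKEN"):
    """Take the token from the environment only; refuse it on the command line, where it
    would land in shell history, process listings and job logs. env_var name is assumed."""
    environ = os.environ if environ is None else environ
    argv = sys.argv if argv is None else argv
    if any(a.startswith("--token") for a in argv[1:]):
        raise SystemExit("refusing a token passed on the command line")
    token = environ.get(env_var)
    if not token:
        raise SystemExit(f"set {env_var} to a temporary, Products-scoped token")
    return token


def export_catalog(client, path=None):
    """Page through the whole catalog and return it; optionally write a JSON backup."""
    products, page = [], 1
    while True:
        batch = client.list_products(page)
        if not batch:
            break
        products.extend(batch)
        page += 1
    if path:
        with open(path, "w") as f:
            json.dump(products, f, indent=2)
    return products


def plan_page(products, rewrite):
    """Dry run: propose description changes for one page without writing anything."""
    plan = []
    for p in products:
        new = rewrite(p["description"])
        if new != p["description"]:
            plan.append({"id": p["id"], "before": p["description"], "after": new})
    return plan


def apply_plan(client, plan, approve):
    """Push one batch only if approve(plan) returns True; returns the number of products changed."""
    if not plan or not approve(plan):
        return 0
    for change in plan:
        client.update_product(change["id"], {"description": change["after"]})
    return len(plan)


def run(client, rewrite, approve, max_pages=None):
    """Page through the catalog, pausing for approval on every page instead of
    auto-continuing; max_pages limits a first run to a small subset."""
    changed, page = 0, 1
    while max_pages is None or page <= max_pages:
        products = client.list_products(page)
        if not products:
            break
        changed += apply_plan(client, plan_page(products, rewrite), approve)
        page += 1
    return changed


if __name__ == "__main__":
    load_token()  # fails fast if the token is missing or was passed on argv
    client = FakeProductsClient({k: dict(v) for k, v in SAMPLE_STORE.items()})
    export_catalog(client, "catalog-backup.json")

    def ask(plan):
        print(json.dumps(plan, indent=2))
        return input("push this batch? [y/N] ").strip().lower() == "y"

    print("changed:", run(client, str.title, ask, max_pages=1))
```

Run stand-alone with `BC_ACCESS_TOKEN` set, it writes a backup, prints the proposed JSON for the first page only and pushes nothing until the operator answers `y`. The `approve` callback is the checkpoint the skill lacks: a rejected batch leaves every product on that page untouched and the loop carries on to the next page for a fresh decision rather than aborting or silently continuing.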

VirusTotal

0/65 vendors flagged this skill as malicious (65/65 clean). A clean antivirus verdict covers file-level malware signatures only; it says nothing about the behavioural risks in the findings above, which concern what the skill does with a valid token rather than any malicious payload.