Amazon Listing Doctor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Amazon listing review helper, with documentation transparency issues but no evidence of data theft, account access, persistence, or destructive behavior.

Use this only with listing content you are comfortable processing in your agent environment. Avoid pasting confidential unreleased products, proprietary keyword strategy, or internal marketing plans unless that matches your data policy, and run the included Python helper only deliberately after normal local-script review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrase "Listing评分" is broad enough to match generic Amazon listing scoring or evaluation requests that may not specifically intend to invoke this skill. Overbroad triggers can cause unintended activation, routing user data to the wrong skill, and degrade trust or lead to inappropriate outputs in multi-skill environments.

Ssd 2

Medium

Confidence: 82% confidence
Finding: The compliance checklist explicitly instructs authors to avoid certain 'sensitive' terms and omit a Security & Privacy section, while preserving similar operational intent through softer wording. That is a red flag because it encourages security-by-obfuscation and can hide risky capabilities or data-handling behavior from reviewers and users, reducing transparency and weakening downstream governance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal