Security audit

Upload Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a sandbox-only payment-link helper with a local test script, not a hidden or destructive skill.

Use this only with a local sandbox payment service. Do not provide production payment credentials or connect it to a real payment processor without reviewing and fixing the credential handling, authentication headers, and logging behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The script defines an API key but never includes it in the outbound request, despite comments indicating the flow is for payment-link creation. This creates a mismatch between expected and actual security posture: requests may fail open in a test environment, encourage unauthenticated access patterns, or mislead users into believing authentication is enforced when it is not.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes actions involving payment links, webhook management, logging, and use of an API key, but it does not provide a clear user-facing warning that these operations may transmit data externally, create externally accessible resources, or handle sensitive financial workflow data. In an agent setting, that omission can cause users to invoke the skill without understanding privacy and system-impacting consequences, increasing the risk of unintended disclosure, external calls, or unsafe automation around payment infrastructure.

Missing User Warnings

Medium
Confidence: 98%
Finding
A hardcoded API credential in source code is a real secret-management weakness because it can be exposed through source control, logs, package distribution, or reuse in other environments. Even though the value shown is simple and may be a placeholder, embedding credentials directly in code normalizes unsafe handling and can become high risk if copied into real workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.