Back to skill

Security audit

Price Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: monitor user-specified product pages and save local price history, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the skill browsing the URLs you provide and storing monitoring history locally. Keep product lists and history files private if they reveal personal purchases or business research, verify that your agent-browser executable is trusted, and be careful before adding email or Discord webhook alerts because those would share monitoring data with third-party services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill promotes automated logging and outbound alerts via email or Discord webhook without warning that monitored data, URLs, or potentially sensitive page contents may be stored locally or transmitted to third parties. In a monitoring skill, this materially increases the chance of accidental data leakage, especially if users point it at authenticated pages, internal sites, or pages containing personal or commercial information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.