WooCommerce Stock Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks WooCommerce stock status and sends configured Telegram alerts, with business inventory details intentionally leaving the store environment.

Install only if you are comfortable sending product names, SKUs, and out-of-stock details to the configured Telegram chat. Use a read-only WooCommerce API key, keep the bot token private, confirm the chat ID before scheduling, use HTTPS for the WooCommerce URL, and remove the cron job when monitoring is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The README explicitly states that the skill fetches data from WooCommerce and sends alerts to Telegram, but it does not clearly warn users that product metadata and links will be transmitted to third-party services over the network. This is not inherently malicious, but it can lead to uninformed deployment in environments where external data flows require review, consent, or compliance approval.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal