Back to skill

Security audit

Skill Amazon Listing Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Amazon image-fixing purpose, but it needs Review because it can alter live listings and exposes an unauthenticated public file server with a real path-traversal risk.

Review carefully before installing. Use least-privilege SP-API credentials, keep credentials outside any served directory, avoid exposing the bundled local HTTP server on an untrusted network, prefer a controlled object store or presigned URLs, test on one SKU first, and back up listing attributes before any bulk push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill is presented as an image optimizer, but it also documents a script that edits listing titles. Hidden or undeclared write capabilities to unrelated listing fields expand the blast radius from image correction to catalog content tampering, which is especially risky in a production seller account context.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Title editing is not necessary to audit or pad images, so its presence indicates over-scoped functionality. In the context of direct SP-API access to live listings, an unrelated mutation feature could be abused to alter product metadata, damage SEO, or inject misleading content.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially underdelivers on the skill’s advertised behavior: it only audits image dimensions and optionally writes a local JSON report, but does not pad images or push updates via SP-API. In an automation context, this is dangerous because operators may rely on the manifest description and assume remediation occurred, leaving non-compliant or broken listing images live across many SKUs.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documentation suggests a general listing-image audit, but the code checks only square-ness and minimum size. This can create a false sense of compliance coverage, causing users to miss other important image defects such as format, background, watermarks, cropping, or marketplace policy issues.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README promotes automatic modification of live Amazon listings and temporary public HTTP hosting of images, but gives no caution about exposing product assets or making irreversible production changes. In an agent skill context, this increases the chance of users running high-impact write operations against real seller accounts without understanding the operational and security implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The Quick Start instructs users to point the tool at SP-API credentials and immediately perform write actions against listings, without warning that these credentials are sensitive and grant live modification capability. This is dangerous because users may mishandle credential files, run the commands in unsafe environments, or unintentionally alter production listings at scale.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README requires a publicly accessible IP and open port for serving images but does not warn about network exposure, unauthorized access, or limiting server lifetime and scope. Even if intended for Amazon crawling, exposing an HTTP server to the internet can leak product images and create an attack surface if users deploy it insecurely.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation advertises automatic re-upload to live listings without prominently warning that it performs production changes. This increases the chance of accidental modification of active product content, which can affect listing quality, compliance, and sales across marketplaces.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes exposing a temporary public HTTP server so Amazon can fetch images, but it does not clearly warn that listing images become publicly reachable on an open port. This can unintentionally expose media assets, enlarge the attack surface, and lead operators to run an internet-accessible service without basic security controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script binds an HTTP server to 0.0.0.0, determines a public IP, and constructs plain HTTP URLs for local files so Amazon can crawl them. This exposes local image files on a publicly reachable unauthenticated port for 15 minutes, and because the request path is joined directly to the serving directory without normalization checks, a crafted path could potentially read files outside the intended directory via traversal sequences.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/audit.js:16

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/push_images.js:17

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/audit.js:25

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/push_images.js:26