Security audit

Jarvis Stock Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock monitoring skill with expected market-data lookups and a user-started background monitor, but users should understand it stores portfolio-like details locally and produces advisory-style alerts.

Before installing, review the watchlist and costs because they reveal financial interests to market-data providers during polling. Start the daemon only when you want continuous monitoring, know how to stop it with the control script, and treat generated buy/hold/sell-style suggestions as non-professional analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill documentation and referenced file structure indicate network-capable behavior such as market/news fetching, but no corresponding permissions are declared. This creates a transparency and consent problem: users and hosting platforms cannot accurately assess or constrain outbound access, and hidden network use is especially sensitive in a background monitoring tool.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The documented/observed behavior materially exceeds the stated purpose of a stock monitoring skill by adding news scraping, sentiment analysis, fund-flow/Dragon-Tiger list retrieval, macro gold correlation, and advisory-style report generation. This mismatch is dangerous because it defeats informed user consent, obscures data flows and operational scope, and suggests premium/paywalled behavior is not actually enforced, enabling unreviewed functionality to run silently.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
Reframing the tool from monitoring into an 'intelligent investment advisory system' expands it into higher-risk decision-support behavior. In the context of finance, actionable advice can materially influence user trades, so under-describing this capability increases the chance of users relying on opaque or unvetted recommendations.

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The paid feature list includes a Kimi-integrated analysis engine and advisory suggestions that are not reflected in the manifest's simpler monitoring description. This hidden expansion of capability matters because it may transmit financial context to third-party AI services and produce persuasive outputs without users understanding the processing path.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The sample alerts include concrete suggestions such as continuing to hold, trimming positions, or watching for rebounds, which goes beyond passive monitoring into investment guidance. In a trading context, this is more dangerous than a generic wording issue because users may act on the recommendations despite the skill being presented as an alerting tool.

Missing User Warnings

Medium
Confidence: 82%
Finding
The installation flow instructs users to create a local configuration file containing holdings/cost data and launch a persistent background daemon, but omits security warnings about sensitive financial data storage, long-running execution, and ongoing network activity. In a skill that monitors markets continuously, this omission increases the risk of users unknowingly exposing portfolio information or leaving unattended processes running with broader-than-expected access.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.