Options Spread Conviction Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real options-analysis skill, but it asks for more installation authority than its purpose needs and gives actionable trading outputs that users should review carefully.

Install only if you are comfortable with a finance-analysis tool that fetches market data, creates a local Python environment, and caches options data. Avoid running the sudo /usr/local/bin symlink step unless you have verified it is necessary, and treat all EXECUTE/PREPARE outputs as research signals rather than trading instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The documentation explicitly states this scanner is 'replacing the technical-indicator-heavy conviction engine,' which conflicts with the manifest’s declared scope and can mislead downstream agents or users about what the skill actually does. In an agent ecosystem, scope drift is security-relevant because callers may invoke the skill under false assumptions about available controls, methodologies, or risk-management features.

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The documented features supersede key manifest capabilities such as regime detection, GARCH forecasting, Kelly sizing, and walk-forward backtesting without clarifying whether those controls still exist. This is dangerous because users or orchestrating agents may rely on the manifest’s stronger risk and validation claims, while the documented scanner appears to omit them, leading to unsafe or poorly governed trading decisions.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: Claiming to replace the manifest’s core conviction engine creates a direct contradiction about the skill’s purpose and operational boundaries. In security terms, contradictory identity/purpose documentation undermines trust, reviewability, and safe composition, because agents may route sensitive financial analysis tasks to a component whose behavior and guarantees no longer match registered expectations.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The code mixes implied and realized volatility units between percentage points and decimals. This can invert or materially distort VRP calculations and downstream trade recommendations, causing the engine to systematically misprice options edge and produce unsafe trading signals in an automated decision context.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The demo reinforces contradictory unit semantics by multiplying outputs by 100 for display while the core API comments and VRP logic use inconsistent assumptions. In a financial skill, misleading examples are dangerous because users often copy demo usage directly, propagating incorrect inputs and biased strategy decisions.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document presents actionable financial recommendations such as WAIT/WATCH/PREPARE/EXECUTE and concrete strike suggestions without a clear warning that the output is informational only and can materially affect users' finances. In a trading skill, this context makes the issue more dangerous because users may treat the output as execution-grade advice, increasing the risk of unsuitable trades and financial harm.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README presents the tool as providing actionable trading outputs such as 'EXECUTE', 'PREPARE', position sizing, and strategy recommendations before any prominent financial-risk warning appears. That framing can encourage users to treat the skill as decision-grade advice, increasing the chance of harmful financial actions based on incomplete, unvalidated, or misunderstood model outputs.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill promotes automated scanning and trade selection without any prominent disclaimer that outputs are informational only and not financial advice. In a finance-oriented skill, this increases the risk that users over-trust the tool's recommendations and act on them without understanding limitations, potentially causing material financial loss.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The optimizer generates unlimited- or extreme-loss strategies such as short straddles and short strangles without mandatory warnings, hard risk blocks, or explicit user opt-in. In a trading automation skill, this is dangerous because downstream consumers may execute or recommend these positions as if they were routine strategies, creating outsized financial harm from normal use rather than a rare edge case.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal