Back to skill

Security audit

FireAnt Stock Checker

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed Vietnamese stock lookup workflow using browser automation, with no evidence of hidden data access, destructive behavior, or persistence.

Install this only if you are comfortable with a skill opening Google and FireAnt.vn through the OpenClaw browser profile to retrieve market data. Use normal stock symbols or index names as input; avoid arbitrary URLs or unusual strings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises executable capabilities involving network access and shell usage, but does not declare permissions or constraints. This creates a governance and trust problem: callers may invoke a skill that can perform external access and command execution without explicit disclosure, increasing the risk of unexpected data exfiltration, environmental misuse, or unsafe automation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The documented behavior does not cleanly match the actual workflow: it performs Google search and browser automation not clearly disclosed in the top-level description, and may not fully support indices or all claimed metrics. This mismatch is dangerous because users and policy systems may authorize a seemingly simple quote lookup while the skill actually performs broader web navigation and scraping, expanding attack surface and undermining informed consent.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
This stock lookup skill has the ability to drive a general browser automation CLI on the host, which is broader than its stated purpose and increases the consequences of compromise or prompt abuse. Even though this specific script uses a narrow set of browser actions, embedding host-level browsing capability in a simple data-retrieval skill expands the trust boundary unnecessarily.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.