Strategy Translator

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only trading strategy translation helper with disclosed file-editing authority and no hidden execution, credential access, persistence, or exfiltration behavior.

Install this only if you want an agent to help create or edit trading strategy code and documentation in a repository. Review all generated file changes and independently validate any trading logic, backtests, assumptions, and risk controls before using the output for real trading or financial decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The manifest says this skill is for translating trading strategies between frameworks and languages, such as Pine Script to Python or cross-platform migration. However, the 'Use When', 'Inputs', 'Outputs', and 'Workflow' sections describe a much broader capability covering datasets, backtests, ML, reporting, evaluation design, and producing repo-ready code and run commands, which exceeds simple translation behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal