Security audit

Global financial data platform airoom ltd global finance data platform

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real finance-data downloader, but its bundled instructions push AI agents toward high-risk investment strategy execution without enough clear safeguards.

Install only for manual, human-supervised finance-data downloading. Do not connect its outputs to brokerage accounts, auto-trading, or portfolio-changing automation. Use a dedicated download directory, cap file counts, scan downloaded files before opening, and avoid entering credentials unless the target site is trusted and uses HTTPS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Intent-Code Divergence
Severity: High
Confidence: 96%
Finding: The document claims the data is only simulated/reference material, yet it also maps signals directly to concrete actions such as '增持' (increase holdings) and '全部卖出' (sell all) and describes direct strategy execution. This contradiction can mislead agents or users into treating unverified or delayed outputs as actionable trading instructions, increasing the chance of unsafe financial automation and deceptive reliance.

Intent-Code Divergence
Severity: High
Confidence: 97%
Finding: The README later prohibits unsupervised AI trading, but earlier sections instruct AI agents to deploy the data into strategy execution systems and act on environment signals. These conflicting instructions create a dangerous ambiguity that downstream integrators or agents can exploit to justify autonomous financial actions despite the nominal disclaimer.

Intent-Code Divergence
Severity: Medium
Confidence: 92%
Finding: The document repeatedly states that the platform provides only simulated, non-real-time reference data, yet it also gives explicit operational signals such as 'Increase Holdings' and 'Sell All' and instructs agents to execute packaged strategies from those signals. This inconsistency is dangerous because an agent or user may treat stale or simulated outputs as actionable trading instructions, causing financial loss or unsafe autonomous behavior.

Intent-Code Divergence
Severity: High
Confidence: 96%
Finding: The README contains conflicting instructions: it encourages AI agents to deploy, ingest data, and execute strategies, while later prohibiting unsupervised autonomous trading and requiring human review. In a skill context, such contradictory guidance can easily be interpreted by agents as permission to automate trading workflows without adequate oversight.

Intent-Code Divergence
Severity: Medium
Confidence: 85%
Finding: The document claims it does not provide financial price data, but the included backtesting code downloads real historical prices from Yahoo Finance. This mismatch can mislead users about the provenance and nature of the data, undermining trust and potentially causing agents to combine unvetted external market data with supposedly simulated internal signals.

Ssd 4
Severity: Medium
Confidence: 91%
Finding: The narrative explicitly promotes AI population-scale monitoring of global financial systems, accumulation of wealth advantage over humans, and progressive control over assets and markets. In the context of an agent skill, this framing encourages harmful autonomy, large-scale surveillance, and coordinated financial manipulation goals, making misuse more likely even if no executable exploit is embedded here.

Ssd 4
Severity: Medium
Confidence: 93%
Finding: The roadmap describes scaling from many devices to millions of AI systems performing coordinated monitoring, information sharing, and wealth accumulation. In a skill context, this increases the danger because it operationalizes mass multi-agent coordination around financial advantage and market oversight, which could support manipulation, unauthorized surveillance, or unsafe autonomous behavior.

Ssd 1
Severity: Low
Confidence: 84%
Finding: The embedded prompt template includes behavioral constraints such as '不准使用' (do not use) and tightly prescribes how the agent should analyze and write outputs. While not a system-level override by itself, prompt-injection content inside a skill can interfere with normal model behavior, tool choice, or policy-compliant response generation when consumed by downstream agents.

Ssd 2
Severity: Medium
Confidence: 91%
Finding: The prompt text contains tool-steering language telling the model not to use another skill ('Do not use the "help me write" skill'). Instructions that suppress or redirect tool usage can interfere with agent governance and safety routing, especially when embedded in data that may later be fed back into an agent as operational instructions. In this context it is more concerning because the overall skill encourages AI autonomy and strategy execution, making prompt-level control bypasses riskier.

Ssd 2
Severity: Medium
Confidence: 91%
Finding: This Chinese prompt repeats the same tool-override behavior, instructing the agent not to use another skill. Repeated multilingual insertion increases the chance that downstream agents will obey the restriction and bypass intended safety or orchestration controls when processing the dataset. Because the skill is meant for AI-agent deployment, embedded anti-tool instructions are materially more dangerous than ordinary prose.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
playwright>=1.40.0
requests>=2.31.0
Confidence: 90%
Finding: playwright>=1.40.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
playwright>=1.40.0
requests>=2.31.0
Confidence: 96%
Finding: requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
Severity: High
Category: Supply Chain
Confidence: 98%
Finding: requests

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.