Back to skill

Security audit

stock-portfolio-aisa-api

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local portfolio tool, but users should not treat its generated price quotes as guaranteed market data.

Install only if you are comfortable storing portfolio holdings and cost basis in a local plaintext JSON file and sending ticker symbols to AISA for pricing. Verify important prices with a real market-data source before making financial decisions, and use delete/remove commands carefully because they mutate the saved portfolio file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The documentation says state is stored under `./.clawdbot/skills/stock-analysis/portfolios.json`, which does not match the `stock-portfolio` skill namespace. This inconsistency can cause accidental cross-skill data access, overwrites, or confusion about where portfolio data is persisted.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The code obtains 'live prices' by prompting a general chat-completions model and trusting its JSON output as authoritative market data. This is dangerous because LLM outputs can be hallucinated, stale, or manipulated by model behavior, causing incorrect valuations and trading decisions in a portfolio-management context.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation states prices are fetched via an AIsa API, but the implementation actually uses an OpenAI-compatible chat completion flow with prompt-engineered extraction. This misrepresentation can mislead users and operators about data provenance and reliability, reducing their ability to assess risk and trustworthiness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.