Fund Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a finance assistant that gives actionable fund and trading guidance while also reusing local portfolio memory, so users should review it carefully before installing.

Install only if you are comfortable with the agent reading local portfolio-memory files and writing financial reports. Treat any fund allocations, buy/sell signals, or named fund suggestions as unverified research, not personalized financial advice, and keep sensitive balances or account details out of persistent memory unless you explicitly want them stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The skill describes an autonomous daily workflow that reads local state and writes reports as a standing behavior, which can cause actions outside an explicit user request. In an agent setting, unattended file reads and file creation can expose private financial data or create unintended persistence and audit issues.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow tells the agent to read a specific local memory file and save daily reports without clearly warning the user that local files will be accessed and written. This weakens informed consent and can lead to silent access to sensitive portfolio information and silent creation of artifacts on disk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document gives concrete portfolio allocation targets and trading actions such as when to add or reduce positions, but it does not present any visible disclaimer or risk warning that this is investment guidance and may lead to losses. In a skill positioned as a private fund manager AI, users are likely to treat these instructions as personalized financial advice, increasing the chance of harmful reliance.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file recommends specific funds, contribution cadence, per-trade amounts, and stop-profit conditions without any accompanying warning about investment risk, suitability, or the non-advisory nature of the content. Because the overall skill is framed as an integrated investment research and portfolio management system, these specifics can be interpreted as actionable financial instructions and may cause real monetary loss.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document gives concrete buy/sell timing guidance, signal strength claims, stop-loss suggestions, and probability statements without any visible disclaimer that it is educational content only and not individualized financial advice. In the context of a fund-management skill meant to monitor holdings and suggest adjustments, users may reasonably treat these rules as authoritative trading instructions, increasing the risk of financial loss from overreliance on simplified technical signals.

Ssd 3

Medium
Confidence: 94%
Finding
Reading a persistent memory file containing portfolio data for automated reporting creates a real data exposure risk because the agent may ingest and reproduce sensitive financial details in later outputs. In a financial context, holdings, balances, and trading history are sensitive personal data, so automatic reuse increases privacy and leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.
