Lse Trading Agent

Security checks across malware telemetry and agentic risk

Overview

This LSE stock-analysis skill is coherent and disclosed, with the main caution that portfolio commands can change a local paper-portfolio file.

Install only if you are comfortable with the skill fetching market/news data from Yahoo Finance and storing a local paper portfolio in `data/portfolio.json`. Back up that file before using `--init`, `--add`, or `--remove`, and treat outputs as research rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill documents local state mutation via `portfolio.py --init/--add/--remove`, which implies file write capability to `data/portfolio.json`, yet no corresponding permission or explicit disclosure is declared in the skill metadata. Undeclared write capability is dangerous because users and hosting platforms may assume the skill is read-only market analysis when it can persist and alter local data.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The declared purpose emphasizes screening, sentiment, risk management, and backtesting, but the documented behavior also includes persistent portfolio CRUD operations and live valuation. This mismatch is security-relevant because it obscures stateful/local-data-management behavior that changes user data, increasing the chance of unintended writes, trust abuse, or unsafe approval by reviewers who expect an analysis-only skill.

Missing User Warnings

Low
Confidence: 88%
Finding:
The portfolio commands include `--init`, `--add`, and `--remove`, but the documentation does not prominently warn that these actions modify local portfolio data on disk. Without an explicit warning and confirmation step, a user may trigger persistent changes unintentionally, which is especially risky in an agent context where commands may be run on the user's behalf.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The init operation writes a fresh portfolio structure to the target path unconditionally, which can silently destroy an existing portfolio file and erase financial records. In an agent or automation context, a mistaken invocation or path manipulation could cause irreversible data loss without any confirmation barrier.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The remove command permanently updates the portfolio by deleting a position and crediting cash with no confirmation, undo path, or dry-run mode. In trading-related tooling, destructive state changes are more dangerous because a mistaken ticker, automated invocation, or compromised agent workflow can silently corrupt position records and P&L history.

VirusTotal

64/64 vendors flagged this skill as clean.
