Back to skill

Security audit

finance

Security checks across malware telemetry and agentic risk

Overview

This skill appears to fetch public market data and keep a small local cache/watchlist, with no evidence of deception, exfiltration, or destructive behavior.

Install only if you are comfortable with a Python skill that contacts public finance APIs and writes a local cache/watchlist. Use a dedicated virtual environment, consider pinning patched dependency versions, and note that the actual local state path is .cache/market-tracker despite metadata listing .cache/finance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to create a virtual environment, install packages, execute Python scripts, use network-backed providers, and maintain a local cache/watchlist, yet it declares no explicit permissions. This creates a trust-boundary problem: a reviewer or runtime may underestimate that the skill can read/write local state, make outbound requests, and invoke shell commands, increasing the chance of unintended execution or data exposure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The top-level description says the skill tracks market instruments with caching and provider fallbacks, but the body also supports local watchlist add/remove/summary operations. This mismatch can hide persistent local-state behavior from users and policy systems, making the skill more capable than advertised and reducing informed consent around file modifications.

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance>=0.2.40
pandas>=2.0.0
requests>=2.31.0
Confidence
97% confidence
Finding
yfinance>=0.2.40

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance>=0.2.40
pandas>=2.0.0
requests>=2.31.0
Confidence
97% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance>=0.2.40
pandas>=2.0.0
requests>=2.31.0
Confidence
98% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests==2.31.0 — 5 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +2 more

Medium
Category
Supply Chain
Confidence
94% confidence
Finding
requests==2.31.0

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.