Security audit

Mt4 Trader

Security checks across malware telemetry and agentic risk

Overview

This MT4 skill is openly for live trading, but it gives broad account-changing authority with weak safeguards and relies on external compiled trading components.

Install only after careful review. Use a demo or tightly limited account first, verify the external .ex4 files independently, keep auto trading off unless actively supervised, restrict or disable bulk-close and grid commands, and set hard limits and explicit confirmations before allowing an agent or chat channel to place trades.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Tainted flow: 'WEBHOOK_URL' from os.environ.get (line 33, credential/environment) → requests.post (network output)

Critical

Category: Data Flow
Content: "accountId": ACCOUNT_ID } try: resp = requests.post(WEBHOOK_URL, json=payload, timeout=10) if resp.status_code == 200: logger.info("消息发送成功") return True
Confidence: 92% confidence
Finding: resp = requests.post(WEBHOOK_URL, json=payload, timeout=10)

Intent-Code Divergence

Medium

Confidence: 84% confidence
Finding: The docstring frames this method as only sending Ctrl+E, but the implementation also alters window focus behavior and uses foreground-forcing techniques before injecting input. That mismatch is security-relevant because callers may not expect OS-level UI manipulation, and simulated keystrokes can affect the wrong window or bypass normal user-awareness controls.

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill advertises very broad natural-language commands such as '买黄金 0.05 手', '平仓', and '全平' that map directly to live trading actions. In an agent setting, ambiguous or casually phrased messages can be misinterpreted or triggered without strong confirmation, leading to unintended financial transactions and immediate monetary loss.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The documentation exposes destructive operations such as closing positions, closing all positions, and enabling automated strategies without prominent safety warnings, approval steps, or operator confirmation requirements. In a live brokerage context, these are highly sensitive actions that can liquidate positions or open risk-bearing trades immediately.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The auto-trading setup instructions tell users how to enable MT4 automated execution but do not prominently warn that doing so authorizes live trading activity from the bridge. This lowers friction for accidental activation and increases the chance that a misconfigured or misunderstood agent command will place real trades.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document exposes direct trading, order placement, modification, and bulk-close capabilities without any safety guidance, confirmation requirements, or warnings about financial loss. In an agent skill context, documenting these actions as simple callable methods can enable unsafe automation or accidental execution of destructive trading operations, especially for leveraged instruments.

Missing User Warnings

High

Confidence: 90% confidence
Finding: The global auto-trading toggle uses synthetic keyboard input to change MT4 terminal state and does so without explicit user confirmation or strong targeting guarantees. This can enable or disable trading globally in a live terminal, and because it relies on window discovery and input injection, mistakes or abuse could affect the wrong session or occur without the operator noticing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.