Security audit

Stockaskill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-research skill that uses public market data, local caching, and report files, with some methodology and scoping caveats users should review.

Install only if you are comfortable with a finance skill that may fetch public market data over the network, use Python packages such as AKShare, maintain a local cache, and write reports. Treat its stock signals as research support, verify the factor definitions and regional assumptions, and do not rely on it as personalized investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document states it describes the standard 9-point Piotroski F-Score, but the listed items are misnumbered and omit criteria 5 and 6 while introducing entries numbered 10 and 11. In an investment-analysis skill, inaccurate factor documentation can cause developers, users, or downstream agents to implement or validate the scoring model incorrectly, leading to materially wrong stock rankings and recommendations.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger table includes generic terms such as "analysis", "signal", "portfolio", "fund", and especially data-operation terms like "fetch", "cache", and "refresh", which can match ordinary financial conversation and cause the skill to activate unexpectedly. Because this skill has network access and file-write capability, unintended activation can lead to unprompted external requests and report generation, increasing privacy, cost, and side-effect risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill prominently instructs the agent to refresh data pools and run script-driven workflows, but it does not clearly warn at the top level that activation may perform network access and write reports or caches locally. In a tool-enabled environment, this weak disclosure can cause users to unknowingly trigger external data collection and filesystem modifications, which is a meaningful consent and side-effect issue.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The strategy text hard-codes a China-specific ETF core allocation for the "enhanced" or "core-satellite" variant without documenting that this is region-specific or asking the user to confirm market scope. In a multi-market stock skill covering A-share, HK, and US instruments, this can mislead users into unsuitable recommendations, create hidden geographic concentration, and produce advice inconsistent with the user’s jurisdiction or investment universe.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.