Security audit

stock-portfolio-zh

Security checks across malware telemetry and agentic risk

Overview

This skill is a local portfolio tracker that uses an AISA API key for live prices, with no evidence of hidden or unrelated behavior.

Install only if you are comfortable storing portfolio names, tickers, quantities, and cost basis in a local JSON file and sending ticker symbols to AISA when fetching live prices. Keep AISA_BASE_URL unset unless you intentionally trust another endpoint, and treat the live prices as informational rather than trading-grade data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions while its documented behavior requires access to environment variables and local file read/write. That mismatch weakens transparency and policy enforcement, making it easier for the skill to access sensitive runtime data or persist state without clear operator approval.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The description says the skill is for creating and managing portfolios, but the documented capabilities also include destructive and broader stateful actions such as deleting portfolios, removing holdings, and persisting data locally. Users and orchestration systems may authorize the skill based on an incomplete description, leading to unintended data loss or overbroad trust.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script persists detailed financial holdings to a local JSON file without any consent notice, retention policy, or access-control hardening. In an agent/skill context, users may reasonably assume transient processing, so silently storing portfolio data increases privacy risk if the host is shared, backed up, or later compromised.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The live price lookup transmits user portfolio tickers to an external API without an explicit just-in-time warning or consent. While ticker symbols are less sensitive than credentials, a set of holdings can reveal investment strategy and interests, and the transmission occurs to a third-party model endpoint rather than a dedicated market-data API.
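The mitigations these last two findings and the overview's AISA_BASE_URL advice point at are small and mechanical: refuse an endpoint override that is not HTTPS and not on an explicit trust list, persist the holdings file atomically with owner-only permissions, and show the user exactly which symbols will leave the machine and where before the lookup runs. The script below is an added example written for this page, not the stock-portfolio-zh code; the default endpoint host, the JSON layout, and every function name are assumptions.

```python
"""Hardening checks for a local portfolio tracker that writes holdings to JSON
and sends ticker symbols to a remote price API (added example, not project code)."""
import json
import os
import stat
import tempfile
from contextlib import suppress
from urllib.parse import urlparse

# Assumed default endpoint; the real AISA host is not stated on the audit page.
DEFAULT_BASE_URL = "https://api.example-aisa.invalid/v1"


def is_trusted_base_url(url, trusted_hosts=frozenset(), default=DEFAULT_BASE_URL):
    """An override is acceptable only if it is HTTPS and its host is either the
    default host or one the operator explicitly listed."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    return parsed.hostname == urlparse(default).hostname or parsed.hostname in trusted_hosts


def resolve_base_url(env, trusted_hosts=frozenset(), default=DEFAULT_BASE_URL):
    """Honour AISA_BASE_URL only when it points at a host the operator trusts;
    an unset or blank variable falls back to the default."""
    override = env.get("AISA_BASE_URL", "").strip()
    if not override:
        return default
    if not is_trusted_base_url(override, trusted_hosts, default):
        raise ValueError(f"refusing untrusted AISA_BASE_URL override: {override!r}")
    return override


def save_portfolio(path, portfolio):
    """Persist holdings atomically with owner-only (0600) permissions so a
    shared host or a backup of the home directory does not expose them."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".portfolio-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(portfolio, f, indent=2, sort_keys=True)
        os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)  # mkstemp already uses 0600; be explicit
        os.replace(tmp, path)  # atomic rename: readers never see a half-written file
    except BaseException:
        with suppress(FileNotFoundError):
            os.unlink(tmp)
        raise
    return path


def is_owner_only(path):
    """Audit check for an existing file: True if no group/other bits are set."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def tickers_to_send(portfolio):
    """Exactly what a live-price lookup transmits: de-duplicated symbols only,
    never quantities or cost basis."""
    return sorted({h["ticker"] for h in portfolio.get("holdings", [])})


def consent_to_transmit(tickers, base_url, confirm=input):
    """Just-in-time notice naming the data and the destination; 'confirm' is
    injected so the prompt can be exercised without a terminal."""
    prompt = (f"About to send {len(tickers)} ticker symbol(s) {tickers} "
              f"to {base_url}. Continue? [y/N] ")
    return confirm(prompt).strip().lower() == "y"


# Constructed sample portfolio, not real holdings.
SAMPLE_PORTFOLIO = {
    "name": "demo",
    "holdings": [
        {"ticker": "AAPL", "quantity": 10, "cost_basis": 150.0},
        {"ticker": "MSFT", "quantity": 5, "cost_basis": 300.0},
        {"ticker": "AAPL", "quantity": 2, "cost_basis": 170.0},
    ],
}


def demo(env=None):
    """Save the sample portfolio to a temp dir, verify permissions and the
    round-trip, and report what a price lookup would send and where."""
    env = {} if env is None else env
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "portfolio.json")
        save_portfolio(path, SAMPLE_PORTFOLIO)
        with open(path, encoding="utf-8") as f:
            roundtrip = json.load(f) == SAMPLE_PORTFOLIO
        owner_only = is_owner_only(path)
    return {
        "owner_only": owner_only,
        "roundtrip": roundtrip,
        "base_url": resolve_base_url(env),
        "tickers": tickers_to_send(SAMPLE_PORTFOLIO),
    }


if __name__ == "__main__":
    # With an untrusted AISA_BASE_URL in the real environment this raises on purpose.
    print(json.dumps(demo(dict(os.environ)), indent=2))
```

Run it against the real environment to see whether an AISA_BASE_URL override would be accepted, and point `is_owner_only` at the skill's actual portfolio file to check what permissions it was written with; a non-owner-only result is the concrete form of the "no access-control hardening" finding above.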

VirusTotal

65/65 vendors reported this skill as clean; no vendor flagged it.

Static analysis

No suspicious patterns detected.