Back to skill

Security audit

mquant coder

Security checks across malware telemetry and agentic risk

Overview

This trading-code skill is coherent and not evidently malicious, but it needs Review because it can guide live trading, file deletion, and sensitive trade-data persistence without enough safeguards.

Install only if you are comfortable reviewing generated MQuant code before running it. Use a simulation or test account first, require explicit confirmation before any live order or file deletion, avoid running the bundled examples unchanged in production, and protect or disable local CSV exports that contain account and trading data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (27)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The example remediation tells users to call subscribe with a string frequency ('1m'), while the same document elsewhere states only MarketDataType constants are supported. This inconsistency can cause users to apply a broken fix, leaving strategies unsubscribed and potentially causing silent malfunction or bad operational decisions based on missing market data.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The timer callback documentation says it should skip cancel/rebuild logic during purchase/redemption or after a single rebuild, but the implementation always calls cancel_and_rebuild_orders() with no gating. In this trading context, that mismatch can cause unintended cancel/replace activity during sensitive multi-step arbitrage execution, creating duplicate exposure, broken state transitions, or unhedged positions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The strategy description explicitly states that purchase/redemption stages must not be canceled, yet cancel_and_rebuild_orders() has no arbitrage-step check and will process outstanding orders based only on age/status. In an ETF arbitrage workflow, canceling or replacing orders out of sequence can leave one leg executed without the offsetting leg, causing market risk, oversizing, or failed arbitrage settlement.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The strategy documentation says a breakdown below the breakout-sell level should open a short position, but the implementation issues a positive buy order instead. In an automated trading context, this can invert the intended market exposure and cause immediate financial loss by buying into a falling market rather than reducing risk or profiting from the decline.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The comments describe a reversal that should flip from long to short, but the code only sells existing long holdings and never establishes a short position. This mismatch can leave the strategy partially executed, producing materially different exposure than operators expect and undermining risk controls based on the documented behavior.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The comments say breakout-buy should occur only when flat, but the code explicitly ignores that restriction and can continue adding exposure regardless of current position state. In automated trading, bypassing stated position constraints can lead to over-allocation, unintended pyramiding, and larger-than-expected losses during volatile moves.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The code prints status messages indicating a 'buy securities to repay' workflow, but it actually calls MarginTradeHandler.marginsec_open, which appears to open a securities-lending/short position rather than repay one. In a live margin-trading context, this can cause the opposite of the intended financial action, increasing exposure and debt instead of reducing it, especially because this is wired into an automated timer callback.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The sub-strategy message handler forwards every received custom message directly into order-processing logic, while the safer account-scoping logic is commented out. Because on_recv_fast_params can place or cancel orders based on message contents, any sender able to publish to this custom message channel may trigger unauthorized trading actions for the receiving strategy if the message names this strategy's account.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill exposes user-configurable parameters for securities and prices, but the actual order submission logic ignores them and instead submits hard-coded buy orders for different symbols and prices. In a trading context, this mismatch is dangerous because an operator may believe they are testing or trading one set of instruments while the code silently places live orders for others, creating risk of unauthorized or unintended trades and financial loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs automatic creation of multiple user files and directories on first run, but does not require clear, per-action user consent before modifying the filesystem. In an agent setting, silent writes can violate user expectations, create persistence, and be abused to plant misleading or unsafe content in trusted locations.

Missing User Warnings

High
Confidence
98% confidence
Finding
The versioning rules state that older strategy versions are automatically deleted once more than five exist, which is destructive behavior without an explicit warning or confirmation step. Automatic deletion can cause irreversible loss of user strategies, logs, or forensic history, especially if version naming collisions or path mistakes occur.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document includes executable trading order examples showing immediate buy/sell behavior without any warning that these APIs can place real orders and affect user assets. In a trading skill context, omission of execution-risk guidance can lead users to copy-paste examples into live environments and unintentionally trade real positions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file contains hardcoded SDK credentials placeholders (user/password), establishing an unsafe pattern that can lead operators to embed real secrets directly in source code. In a trading/data-access context, leaked credentials could enable unauthorized access to market-data services, account misuse, or lateral exposure through logs and repositories.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This timer-driven sample automatically executes multiple financing, short-selling, repayment, direct refund, and collateral trading operations with no user confirmation, guardrails, or environment checks beyond console prints. In the context of a trading skill, especially one demonstrating margin APIs, this is dangerous because loading or reusing the sample in a live account could immediately place leveraged trades and repayments without deliberate operator approval.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The strategy persistently writes sensitive trading data including fund account identifiers, orders, executions, funds, and positions to predictable local CSV paths on disk without any access controls, encryption, retention limits, or user-facing disclosure in the code. In a trading environment, these records can expose account identifiers and highly sensitive financial activity to other local users, malware, backups, or unintended operators, increasing confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The strategy automatically creates local files under a fixed Windows path and persists fund accounts, orders, executions, balances, and positions without any consent prompt, access control, or minimization. In a trading environment this data is sensitive business and account information; if the host is shared, backed up broadly, or monitored by other software, this persistence increases exposure and can leak confidential trading activity.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code appends arbitrary user-supplied custom order metadata to a CSV file, creating a durable local record of potentially sensitive tags, identifiers, or business context. Because the field is externally influenced and written without sanitization or disclosure, it can also introduce CSV/formula injection risk if the file is later opened in spreadsheet software.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The strategy persistently writes sensitive trading data including fund accounts, orders, executions, balances, and positions to predictable local CSV paths under D:\MQuantTradeData\. In a trading environment, these files may expose account identifiers and portfolio activity to other local users, malware, backups, or unintended retention without any access controls, minimization, or operator warning.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code accepts custom inter-strategy messages and directly converts them into live order placement and cancellation requests with no authentication, integrity protection, authorization check, or robust schema validation beyond basic field parsing. In this skill context, that is especially dangerous because the file is explicitly a trading strategy helper: any actor able to send or relay custom messages can potentially trigger unauthorized trades or cancellations across accounts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This strategy places live orders in on_strategy_start() and includes automatic cancel/reorder behavior via TC_OrderObject without any in-file warning, confirmation step, dry-run mode, or guardrail indicating that execution has real trading side effects. In a trading automation context, this is dangerous because merely deploying or starting the skill can trigger irreversible market actions, potentially causing unintended financial loss if the CSV input, parameters, or environment are wrong.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code exports sensitive trading order data, including fund account identifiers, symbols, timestamps, prices, and custom fields, to local CSV files on disk without any access control, consent flow, encryption, or minimization. In a trading context this can expose confidential financial activity to other local users, backup systems, or malware, and the risk is heightened because the data is continuously appended and organized for easy collection.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Execution records are written to CSV files and include sensitive transaction details such as account, symbol, side, price, amount, order IDs, and timestamps. Even though this appears intended for audit/logging, writing this data locally without disclosure or protection creates a confidentiality risk in a financial environment where trade history is highly sensitive.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file stores fund and position snapshots to disk, including cash balances, total assets, market value, holdings, and account identifiers. This is more sensitive than generic logging because it reveals a near-complete financial state of the account; if the host is shared or compromised, an attacker gains detailed portfolio intelligence and potentially regulated financial data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The strategy can write order, execution, fund, and position data to a fixed local path on disk (D:\MQuantTradeData). These records are sensitive trading data, and storing them without access controls, path validation, retention limits, or explicit operator disclosure increases the risk of local data exposure and unintended persistence.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code automatically submits an algorithmic trading instance during initialize(), which means merely loading or starting the strategy can place live market orders without an explicit confirmation step. In the context of a trading skill, automatic execution is especially dangerous because initialization is commonly assumed to be setup-only, so this can lead to immediate unintended trades and monetary exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.