A Stock Trading Assistant Custom

Security checks across malware telemetry and agentic risk

Overview

This A-share stock assistant is coherent and purpose-aligned, but users should know that saved price alerts can persist locally.

Install only if you are comfortable sending stock codes and market queries to public third-party finance sites and having any configured price alerts saved locally. Review or delete the watchlist if you no longer want those alerts retained, and verify data independently before making trades.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to persist user-configured price alerts to a local markdown file, introducing stateful storage that is not necessary for a stateless analysis skill. This can create unintended retention of user trading interests and preferences, and if multiple users share the same environment it may lead to cross-session data exposure or tampering.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill directs the agent to store user alert settings persistently without any explicit privacy notice, consent flow, retention limit, or handling guidance. Even if the stored data seems low sensitivity, it can reveal a user's watchlist and trading intent, and silent persistence increases privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal