Trading Decision Pro

Security checks across malware telemetry and agentic risk

Overview

This trading skill is not clearly malware, but it markets real-time financial signals while its code generates random simulated outputs, and it pushes users toward off-platform payments.

Review carefully before installing. Do not use this skill for real trades or treat its signals, backtests, or confidence scores as market data. Do not provide API keys or send payment screenshots, Alipay payments, or crypto payments unless the publisher provides verifiable data sources, platform-approved billing, credential-handling details, and clear financial-risk disclaimers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The manifest indicates code-like capabilities involving environment access (`env`) without declaring corresponding permissions. This creates a transparency and trust gap: users and platforms cannot accurately assess what sensitive runtime data the skill may access, which is especially concerning in a trading-related skill that may handle API keys or account configuration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior expands beyond the stated purpose into backtesting, pattern detection, multi-timeframe analysis, and synthetic signal generation. This mismatch can mislead users and reviewers about the true operational scope, causing them to grant trust, data, or deployment approval under incomplete assumptions.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill file is dominated by upselling, pricing, guarantees, QR-code payment prompts, and off-platform contact instructions rather than core trading-analysis behavior. This is dangerous because it repurposes the skill distribution channel for monetization and lead capture, increasing phishing, fraud, and social-engineering risk under the guise of a software capability.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation instructs users to pay via Alipay/crypto and then send screenshots through WeChat/Telegram for activation, which is a classic off-platform payment and customer-acquisition flow. This bypasses platform safeguards, creates significant fraud risk, and could be used to harvest personal identifiers, payment proofs, or move users into less monitored channels.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises market sentiment and trade analysis, but the implementation explicitly relies on simulated/random data rather than real market inputs. In a trading context this is dangerous because users may treat the output as financially actionable advice, leading to losses based on fabricated analytics.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The backtest function generates synthetic performance metrics with random values while presenting them as backtest results. This can mislead users into trusting nonexistent historical performance, which is especially risky for financial decision-making and strategy selection.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstrings and method contracts describe analytical capabilities as though they perform real detection and analysis, while the code underneath uses random simulation. This mismatch increases the chance that integrators and end users will overtrust the outputs, particularly in a high-stakes trading environment.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description claims broad, high-impact capabilities such as market sentiment analysis, risk assessment, and real-time trade recommendations without defining clear trigger conditions, operational limits, or user-controlled activation scope. In a trading skill, this ambiguity is risky because consumers or downstream agents may over-trust the skill, invoke it in unintended contexts, or treat it as authoritative financial guidance without appropriate safeguards.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code returns recommendations such as ENTER, AVOID, BUY, and SELL without any explicit warning that the underlying analysis is simulated and not suitable for real trading. In the context of a trading assistant, omission of that warning materially increases the risk of harmful reliance by users or downstream agents.

Vague Triggers

Low
Confidence
87% confidence
Finding
The package description is overly broad and does not define clear activation boundaries, which can cause the skill to be invoked in contexts beyond its intended trading-assistance scope. In agent ecosystems, ambiguous triggering can increase the chance of inappropriate use, unauthorized decision influence, or accidental execution in sensitive financial workflows.

VirusTotal

66/66 vendors flagged this skill as clean.