Racing Quant AI

Security checks across malware telemetry and agentic risk

Overview

This finance-analysis skill matches its general purpose, but it publishes reusable database credentials and includes a helper that can present simulated holdings as analysis.

Install only if you trust the publisher and understand that the skill can contact a remote MySQL strategy database and external search services. Treat the bundled database password as exposed, verify that the account is read-only and intended for public use, and independently check any stock or holdings output, especially from the helper that uses simulated holdings or fallback research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The file hard-codes live-looking MySQL credentials and connects to a public IP, exposing a direct path to a remote database from the skill code. Even though this script only runs a DESCRIBE query, embedded secrets can be extracted and reused for broader unauthorized access, data enumeration, or follow-on attacks if the account has additional privileges.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The script contains hardcoded capability to connect to an external MySQL server using embedded credentials, which exceeds a simple local analysis helper and creates direct access to a remote data source. In the context of an agent skill, this is dangerous because anyone with access to the code can reuse the credentials to query the database outside the intended workflow, potentially exposing strategy data and enabling broader unauthorized access.

Intent-Code Divergence

Severity: Medium
Confidence: 99%
Finding
The file hardcodes live MySQL credentials, including a public host, username, and password, directly in source code. This is a real secret exposure vulnerability because anyone with access to the skill package can reuse those credentials to connect to the external database, read strategy data, and potentially pivot further depending on that account's privileges.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrases are broad enough to cause the skill to activate in contexts where the user did not intend remote database access or expanded tooling use. In this skill, that is more dangerous because activation can lead to external queries, web searches, and use of embedded credentials, creating unnecessary exposure and surprise side effects.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The auto-enable conditions are ambiguous and overly permissive, which can cause unintentional execution of a skill that performs remote data access and multi-tool external lookups. In this context, broad activation meaningfully raises risk because the skill is not a passive formatter; it can initiate privileged or privacy-impacting operations once triggered.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill exposes live remote MySQL credentials directly in documentation, which is a clear secret disclosure. Anyone with access to the skill file could reuse those credentials to connect to the database, enumerate schema and data, extract proprietary strategy information, or abuse the service; the finance context makes the leaked data especially sensitive and commercially valuable.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The script contains hardcoded MySQL credentials and an external IP address, exposing secrets directly in source code. Anyone with access to the skill package or repository can reuse these credentials to connect to the database, inspect data, and potentially expand compromise depending on the account’s privileges.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
Embedding database credentials without disclosure is a real security issue because anyone with access to the skill files can recover them and connect to the backend directly. In this skill context, the capability exceeds a typical end-user-facing recommendation workflow and increases risk because it silently exposes backend infrastructure details and access paths.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The script embeds plaintext MySQL credentials and connects to a public remote database host directly from source code. If this file is exposed through source control, packaging, logs, or redistribution of the skill, an attacker can reuse the credentials to access the database, enumerate schema information, and potentially pivot into broader data exposure or service abuse.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The script embeds live MySQL credentials directly in source code, including a public IP, username, and password. Hard-coded secrets are dangerous because anyone with access to the skill files can reuse them to connect to the database, extract sensitive strategy data, modify records depending on granted privileges, or pivot further into the environment. In this investment/strategy context, exposure of proprietary holdings and strategy data increases the severity.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The file hardcodes a live database host, username, and password directly in source code. This is dangerous because credentials can be extracted by anyone who can view the skill package, enabling unauthorized database access, data theft, tampering, and lateral abuse if the account has more privileges than expected.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script initiates a connection to a remote external database and performs queries without any user-facing disclosure, consent, or transparency about outbound network access. In an agent skill setting, undisclosed remote connections increase risk because they can transmit user-supplied inputs and retrieved data to infrastructure the user does not expect or control.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script contains hardcoded MySQL credentials, including a public IP address, username, and password, directly in source code. If the skill code is shared, logged, or reused in other environments, attackers can use these secrets to access the database, exfiltrate strategy data, modify records, or pivot further into the environment.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The script establishes a live network connection to a remote database and retrieves data without any user-facing disclosure or consent mechanism. In an agent skill context, this is risky because invoking the skill can silently cause external data access and transmission, which may surprise users and expose sensitive operational or financial data flows.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script embeds live MySQL credentials, including a public IP, username, and password, directly in source code. Anyone with access to the skill package can reuse these secrets to access the remote database, which can expose strategy data, enable unauthorized querying, and potentially facilitate further compromise if the account has broader privileges.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script automatically initiates a connection to a remote database server without any user-facing notice, consent, or runtime guard. In an agent skill context, undisclosed outbound connections are risky because they transmit data to external infrastructure and may surprise users or platform operators, especially in a finance-related workflow that processes potentially sensitive strategy information.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script silently establishes a network connection to an external database using embedded credentials, with no disclosure or user consent. In an agent skill context, this is dangerous because installing or running the skill causes hidden access to third-party infrastructure and data, expanding trust boundaries and exposing users or operators to unintended data handling and external dependency risk.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The script contains hardcoded credentials and directly retrieves strategy and position data from a remote database, including holdings information that may be proprietary or sensitive. In a skill context that may be triggered by user requests, absent disclosure, access control, or minimization increases the risk of unauthorized exposure of internal trading data.

VirusTotal

65/65 vendors flagged this skill as clean.
