Security audit

Tushare Daily Market Sense

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate stock-market report skill, but it needs review because one helper script can print database credentials and the package can modify local stock-data tables.

Review before installing. Use only a low-privilege local PostgreSQL account, avoid production database credentials, and do not run migrate_stock_to_pg.py unless the DSN logging is fixed or you are comfortable with the connection URL appearing in terminal or CI logs. Also be aware that some report fields come from Sohu/JRJ/AKShare rather than only Tushare, and generated HTML includes inline JavaScript plus embedded report chart data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The builder accepts raw extra_head content and arbitrary JavaScript via add_ui_decoration, then injects them verbatim into the final HTML. If any untrusted or semi-trusted skill input reaches these fields, an attacker can execute script in the generated report, exfiltrate embedded data, or alter report contents, which is especially dangerous because the report also exposes structured chart data under window.__chartData.

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The skill metadata says the evidence pack is based on deterministic Tushare data, but the code also pulls core analysis inputs from third-party Sohu and JRJ endpoints. This creates an integrity and trust-boundary problem: generated outputs can be influenced by unaudited external web content that may change format, be manipulated, or diverge from the declared data source assumptions.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
Direct scraping of Sohu and JRJ expands the skill's external attack surface beyond its stated Tushare-only purpose. Even if no code execution occurs, the skill becomes dependent on third-party responses for analysis artifacts, which can lead to data poisoning, unstable behavior, and silent output drift.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script prints the full value of ALPHA_PG_URL to stdout, and the default URL contains embedded PostgreSQL credentials. This can leak secrets into terminal scrollback, CI logs, shell history captures, or centralized logging systems, enabling unauthorized database access if those logs are exposed.

Missing User Warnings

Medium
Confidence: 99%
Finding
The script emits the PostgreSQL target URL immediately before migration, which may disclose embedded credentials to anyone with access to console or build logs. In this skill context, the script is for deterministic data migration, so exposing secrets is unnecessary and increases risk without operational benefit.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Static analysis

No suspicious patterns detected.