Back to skill

Security audit

Investment Analyzer

Security checks across malware telemetry and agentic risk

Overview

This investment skill mostly matches its stated purpose, but it bundles specific personal financial and property details and requests a Gemini API key without a clear runtime need.

Review before installing. Remove or replace the bundled personal profile and portfolio files, confirm whether the Gemini API key is actually required, and use the scripts only with financial details you are comfortable exposing to the agent and any external market/listing services it contacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to run multiple scripts that fetch ETF data and scan Centris listings, which implies network access, yet no explicit permission declaration or user-visible notice is present. In a finance skill that also references personal profile and portfolio files, undeclared network use increases the risk of silent external data access and unintended exposure of sensitive financial context.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The top-level triggers are broad and overlap with ordinary investing questions such as ETF analysis, DCA, and real-estate comparison, making accidental invocation plausible. Because the skill reads personal financial references and may run scripts with network access, overbroad activation can cause the agent to use sensitive data or perform external lookups when the user did not intend to invoke this skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The workflow triggers use ambiguous natural-language conditions like 'names a ticker' or 'scan for properties,' which can match many routine conversations. In this context, ambiguous activation is more dangerous because the skill is capable of script execution, financial profiling, and external data retrieval, so a normal discussion could escalate into unintended analysis using private data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly points to personal profile and portfolio files containing income, tax rate, LOC, and holdings, but the description does not warn users that this sensitive financial data may be incorporated into analyses. In an investment advisory context, undisclosed use of personal financial records can violate user expectations, increase privacy risk, and lead to oversharing through outputs or downstream script inputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.