Security audit

Alphagbm Duan Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a narrowly scoped financial-options guidance skill, with usability caveats but no evidence of hidden execution, data access, persistence, or exfiltration.

Before installing, treat this as educational financial analysis rather than investment advice. Check that you actually want a seller-only options framework, and ask the agent to use your preferred language if it responds in Chinese unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding:
The trigger list includes broad phrases like "seller strategy MSFT," "premium collection setup," and "Duan-style analysis," which can match ordinary investing requests that do not clearly ask for this specific skill. In an agent-routing context, overly broad triggers can cause mis-selection of the skill, leading users to receive narrow seller-only options guidance when they intended more general or different financial analysis.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding:
The skill states it provides "Chinese-native copy" without indicating user preference, opt-in, or fallback behavior. In a multi-user agent environment, this can create output-language mismatch, reducing comprehension and increasing the chance that users misunderstand financially sensitive guidance or system messaging.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.