Security audit

Crypto & Stock Market Data Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only market-data client, but it does create a local provider token cache and sends lookup requests to a third-party API.

Install only if you are comfortable with market lookup terms being sent to api.igent.net and with a temporary token file being created under scripts/.token. Delete that file to clear the cached token, avoid committing or backing it up, and do not set API_BASE_URL to an http endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill claims no API key is needed, yet it silently retrieves an API token from a backend service and persists it locally. This creates an undisclosed authentication flow and hidden dependency on a remote service, which is risky because users may unknowingly transmit data to and trust an external provider under misleading assumptions.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The code stores token material in a local .token file without access controls, encryption, or justification tied to the stated market-data purpose. Local token persistence increases the risk of token theft by other local users, malware, backups, or accidental inclusion in packaging and source control.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that an authentication token is written to a hidden local .token file but does not describe file permissions, storage location hardening, lifecycle controls, or user consent. Credential material persisted on disk can be recovered by other local users, accidental commits, workspace sharing, or later prompt/tool exfiltration, making this a real security and privacy issue.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The code writes authentication token data to disk with no visible warning, consent, or disclosure to the user. Silent credential storage is dangerous because it expands the skill's data-handling footprint beyond simple market-data retrieval and may violate user expectations and security policies.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill sends an authentication token in outbound requests to a remote API without visible disclosure to the user. Even though HTTPS is used by default, undisclosed authenticated transmission is risky because users may not realize they are interacting with a third-party service using locally cached credentials.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal