Back to skill

Security audit

China Stock Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock-market dashboard skill that fetches public market and news data, with no evidence of hidden persistence, credential theft, destructive actions, or unrelated behavior.

Before installing, expect stock symbols, stock names, sector keywords, and news queries to be sent to public financial/news services. Only configure trusted API keys, proxies, or custom data sources, and treat quote data, fee calculations, and sentiment labels as informational rather than investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger text is extremely broad, covering nearly any question about Chinese stocks, Hong Kong stocks, US stocks, precious metals, exchange rates, watchlists, news, sentiment, and fees. In an agent environment, this can cause unintended invocation on general finance conversations, leading the skill to activate more often than the user intended and increasing exposure to network access, external data fetching, and finance-related outputs in contexts where it may be inappropriate.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The tool makes outbound requests to third-party market data providers without clearly disclosing that network access will occur or what data will be sent. In an agent/skill context, hidden network activity can violate user expectations, leak queried stock symbols or interests to external services, and expand the attack surface through unvetted remote dependencies.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.