Security audit

Wyckoff Diagnose

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill mostly does what it says, but it quietly routes market-data requests through a hardcoded credential and an undisclosed plaintext custom endpoint.

Review before installing. Stock codes may be sent to multiple external data providers, including an undocumented non-HTTPS endpoint, and the reports include buy/sell-style guidance that should not be treated as investment advice. Prefer a version that discloses all providers, uses HTTPS, removes embedded credentials, and lets users provide their own API token explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The file hard-codes a Tushare API token and then forcibly overrides the client’s base URL to a non-default external HTTP endpoint. This creates two security problems: credential exposure in source code and redirection of authenticated traffic to an untrusted or undocumented server, which could capture the token, tamper with market data, or proxy requests without the user’s knowledge. In a stock-diagnosis skill, silently changing the upstream API host is more dangerous because analysis quality and integrity depend on trustworthy market data.

Vague Triggers

High
Confidence: 88%
Finding
Overly broad trigger phrases such as generic requests to 'analyze' or 'take a look' can cause the skill to activate in unrelated conversations. That increases the chance of unintended execution of file/network-capable functionality and can route user input to external services without clear intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
Embedding an API token directly in the code is a real security issue because anyone with repository or artifact access can reuse the credential, exhaust its quota, make requests that appear to come from the token's owner, or pivot into related systems if the token is reused elsewhere. Even if the token is only for data access, hard-coded secrets are routinely harvested and abused once exposed.

Missing User Warnings

Medium
Confidence: 93%
Finding
The code sends requests to a configured external server over plain HTTP without any visible disclosure or consent. Because the endpoint is custom and unencrypted, responses and requests can be intercepted or modified in transit, enabling data poisoning, surveillance of usage patterns, or credential interception if authentication is included. For a stock-analysis skill, manipulated data can directly affect user decisions, making this context more sensitive than a generic informational tool.

VirusTotal

49/49 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.