A Stock Analyzer

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is not malware, but it needs Review because it can generate trading instructions from default or simulated financial data and can send reports to external webhooks.

Install only if you are comfortable reviewing and editing the configuration first. Treat all reports as unverified screening output, disable push unless you explicitly need it, configure webhooks carefully, and do not rely on the trading prices or position sizes as professional financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (12)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises executable behavior that reads and writes local files, accesses the network, and can be scheduled via cron, but the manifest does not declare any permissions or capability boundaries. This is dangerous because users and hosting systems cannot accurately assess or constrain what the skill is allowed to do, increasing the risk of unintended data access, report exfiltration, or overbroad execution in an automation context.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The documented purpose is a stock-screening assistant, but the described behavior extends to external message pushing, large-scale data prefetch/caching, fallback to simulated financial data, and broader recommendation logic than users would reasonably expect from the manifest. This mismatch is dangerous because it can conceal outbound data flows and materially change decision outputs, leading users to trust reports or recommendations generated from undeclared or synthetic data and exposing information to third-party services.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The report provides concrete trading instructions including buy ranges, target prices, stop-loss levels, and a 60% position size, which goes beyond descriptive stock screening into execution-style financial guidance. In the context of an agent skill advertised as an analyzer/screener, this mismatch can mislead users into treating generated output as professional or validated advice, increasing risk of financial harm and regulatory exposure.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The recommendation rationale is reduced to '今日上涨', which contradicts the stated methodology of using Minervini-style trend templates and seven strict financial criteria. This is dangerous because it creates a false impression that recommendations are backed by rigorous multi-factor analysis when they may actually be based on a trivial heuristic, undermining user trust and potentially causing poor trading decisions.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: This repeated use of the same minimal '今日上涨' justification suggests the skill may systematically fabricate or oversimplify its reasoning instead of applying the declared strict selection framework. Recommending securities on that basis can mislead users about the depth and reliability of the analysis, especially in a financial-decision context where users may act on the output.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The third recommendation again relies only on same-day upward movement rather than the manifest’s claimed value-trend screening methodology. In an investment skill, repeated unsupported rationales make the output materially more dangerous because users may infer consistency and rigor where none exists, leading to misplaced confidence and financial loss.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The report presents concrete stock recommendations, target prices, stop-loss levels, and position sizing, but the visible content does not substantiate the manifest’s claimed Minervini trend-template and strict 7-factor fundamental screening methodology. In a financial decision-support skill, this mismatch can mislead users into trusting outputs as rigorously screened when they may instead be generic or weakly supported recommendations, increasing the risk of financial harm.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The analyzer claims to apply strict real financial screening, but when live data is missing it silently falls back to hard-coded defaults or simulated values. This can materially mislead downstream decisions by presenting fabricated fundamentals as if they were genuine screening inputs, which is especially dangerous in an investment-analysis skill where users may rely on the output for financial decisions.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The function comments state that buy points depend on MACD golden-cross logic, but the implementation only checks proximity to moving averages and Bollinger-band conditions. This mismatch is dangerous because it misrepresents the basis of trading advice, causing users or calling systems to trust a stronger technical confirmation than the code actually performs.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The code automatically pushes generated reports to an external module without any user confirmation, destination disclosure, or manifest-level justification. For a stock-analysis skill, this expands behavior from local analysis into outbound data transmission, creating privacy, data-handling, and trust-boundary risks.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: An unjustified external push capability increases the attack surface and creates an unnecessary exfiltration channel in a tool whose stated role is stock screening and reporting. Even if the current payload is only the report summary, the pattern enables future leakage of sensitive user or analysis data through a path users would not reasonably expect.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: Report content is transmitted externally with no user-facing warning in the execution path, preventing informed consent and violating reasonable expectations for a local analysis tool. In context, the report may contain investment choices and derived strategy information, so undisclosed transmission increases privacy and compliance concerns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal