Back to skill

Security audit

stockquant

Security checks across malware telemetry and agentic risk

Overview

This is a stock-analysis and trade-plan helper that uses market data, local caches, logs, and an optional Tushare token, but it does not itself connect to a brokerage or execute trades.

Install only if you are comfortable using an agent for stock screening and trade-plan suggestions. Review every suggested ORDER line before any downstream tool can act on it, avoid saving a Tushare token unless you accept plaintext local storage, and clear local config/logs when you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises shell, network, file read, and file write capabilities while declaring no permissions, which creates a transparency and governance gap. In an agent environment, hidden capabilities materially increase the risk of unexpected data access, persistent state changes, and outbound communications that users or orchestrators did not explicitly approve.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is narrower than the behaviors implied by the analyzer: persistent token/config management, logging/caching, web scraping, backtesting, and order-generation functions. This mismatch is dangerous because users and supervising agents may trust the declared scope while the skill performs materially broader actions, including persistence, external data collection, and trading-adjacent output generation.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill persistently stores recommendations, candidate pools, market snapshots, evaluation results, verbose logs, and token/config state even though the skill is framed as analysis support. In an agent environment, that creates unintended data retention and possible leakage of user trading intent, portfolio data, and credentials across sessions or to other tools that can read the workspace.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Although the description says Python only returns data plus hints, this code generates concrete executable trading instructions, allocation plans, sell plans, and machine-readable ORDER lines. In an agentic setting, this materially increases risk because downstream automation may treat those outputs as authoritative actions rather than advisory analysis.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The macro-sentiment component uses browser automation and live web scraping outside the stated stock-data scope. This expands the runtime attack surface, increases external connectivity, and may expose the agent environment to unstable or manipulated content sources that were not part of the declared trust model.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill persists third-party API credentials and state locally, but this capability is not declared in the manifest. In an agent workspace, plaintext credential storage creates a real exposure path if other tools, logs, or users can read the same filesystem.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.