fund-diagnosis

Security checks across malware telemetry and agentic risk

Overview

This fund diagnosis skill is coherent: it uses a declared EastMoney API key, sends a fund question to EastMoney for analysis, and can save the returned report locally.

Install only if you trust the EastMoney service and can revoke the EM_API_KEY. Avoid putting account numbers, personal identifiers, or full portfolio details in queries, and use --no-save when you do not want generated fund reports left on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The skill defaults to writing analysis output to a local Markdown file under the current working directory, even though the manifest describes a diagnostic/reporting capability and does not disclose local persistence. Silent default persistence can expose sensitive user queries and generated financial assessments to other local users, backups, or later processes.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The code transmits the user's natural-language question to an external EastMoney endpoint, but this outbound data flow is not disclosed in the skill description. Undisclosed third-party transmission creates privacy and compliance risk because user prompts may contain investment intent, portfolio details, or other sensitive financial context.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The diagnose flow writes returned report content to disk when content is present and passes a validity check, again without requiring explicit user opt-in. This creates a tangible confidentiality risk because both the user's question and the external service's output may contain sensitive financial information that remains on disk after the session ends.

Missing User Warnings

Medium (95% confidence)
Finding
Saving fund-analysis results locally by default without a clear warning is a security and privacy footgun. Users may reasonably expect an on-demand diagnostic response, not persistent storage of generated financial reports, which can lead to accidental disclosure through shared machines, logs, sync tools, or endpoint monitoring.

VirusTotal

65/65 vendors flagged this skill as clean.
