Back to skill

Security audit

Stock/Industry Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill coherently sends stock or industry report requests to Eastmoney and saves returned report files locally, with no evidence of hidden or destructive behavior.

Install only if you are comfortable sending stock or industry report prompts to Eastmoney's service and storing generated PDF/DOCX reports locally. Keep EM_API_KEY private, avoid including confidential account data or proprietary research in prompts, and treat generated reports, attachments, and share links as third-party content to verify before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill requires an environment secret and explicitly invokes a remote report service, but it does not declare corresponding permissions in a user-visible way. This creates a transparency and governance gap: the skill can access sensitive credentials and make outbound network requests without clear permission metadata, making review, policy enforcement, and user trust weaker.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger conditions are broad enough to match ordinary requests about industries, stocks, updates, or reports, which can cause unintended invocation of this skill. In context, that means user queries may be sent to a remote service and files may be created locally even when the user did not clearly intend to use this specific reporting workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that returned DOCX/PDF attachments will be written to local files, but it does not warn the user beforehand. This is risky because generated reports may contain sensitive financial prompts or results, and local persistence can leave recoverable artifacts on shared machines or managed environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow sends the user's raw query unchanged to a remote report service, but there is no explicit privacy or data-sharing warning. If users include proprietary investment research, account details, or other sensitive content, that data is exfiltrated to a third party without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the raw user query to an external third-party API, which can expose sensitive user-provided financial, personal, or proprietary information outside the local trust boundary. In this skill context, external transmission is core functionality, but the absence of explicit user disclosure/consent creates a real privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code decodes server-supplied PDF/DOCX content and writes it to local disk without warning, retention controls, or validation of whether persistence is necessary. In a multi-user or sensitive environment, these files may contain confidential market analysis or user-request-derived content that remains accessible on disk longer than intended.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.