Back to skill

Security audit

Earnings Review Agent

Security checks across malware telemetry and agentic risk

Overview

This skill uses an Eastmoney API key to generate stock earnings reviews and save generated report attachments locally, which is disclosed and aligned with its stated purpose.

Install only if you trust the Eastmoney/Miaoxiang API integration and have an appropriate EM_API_KEY. Keep debug mode off unless troubleshooting, avoid including unrelated confidential information in prompts, and review or clean the configured output directory because generated report attachments can remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This file explicitly creates local directories, writes JSON logs, and decodes attachments to disk. Persistent local storage is a real security-relevant behavior because it can retain sensitive API responses or generated documents beyond the user session, increasing exposure if the host is shared or later compromised; however, the behavior appears operational rather than overtly malicious.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code uses a server-supplied filename directly when constructing the output path (`path = out / name`) without sanitization or path normalization checks. A malicious or compromised upstream service could return filenames containing `../` or absolute paths, enabling path traversal and arbitrary file overwrite within the permissions of the running process.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger conditions are broad enough to match generic requests for financial analysis or interpretation, which can cause the skill to activate when the user did not specifically request this external-data workflow. Over-triggering can route unrelated prompts into a networked skill that writes files and uses API-backed content, increasing the risk of unintended data handling, incorrect tool invocation, or confusing outputs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The file-saving logic silently persists attachments and logs locally, but this file provides no user-facing notice, consent check, or disclosure. In a skill that is described as generating earnings-review analysis, undisclosed persistence expands privacy and compliance risk because users may not expect reports or raw attachment content to be retained on disk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.