Security audit

aim-trade-news

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated trade-news lookup, but it asks users to paste an API token into chat and has the agent save it locally without enough safety controls.

Review before installing. Use only a dedicated, low-privilege AEP token, avoid sharing unrelated credentials, and delete the skill .env file or rotate the token when you stop using it. Prefer a managed secret store or manual local setup over pasting a bearer token into chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The documentation instructs the agent to solicit a Bearer token through chat and then write it into a local .env file. This expands the skill from simple news retrieval into credential handling and persistence, creating risk of secret exposure in chat logs, agent memory, local filesystem, backups, or later unintended reuse by other processes.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The document instructs the agent to collect a user-supplied AEP bearer token and persist it in a local .env file for a trade-news skill. Even if operationally convenient, this expands the secret exposure surface and is not clearly justified by the user-facing skill purpose, creating risk of credential leakage, reuse beyond the immediate session, and unintended retention.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The README tells users to place an AEP bearer token in configuration but does not clearly disclose that the skill will use that credential to make authenticated requests to an external third-party service. This creates a transparency and consent problem: users may supply a sensitive token without understanding where it will be sent or what trust boundary is being crossed.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill explicitly tells the user to paste a Bearer token into the conversation and tells the agent to save it locally, but provides no clear user-facing warning about the risks of sharing credentials in chat. Because chat content may be logged, retained, or visible to operators and because local .env storage may be broadly readable, this pattern materially increases the likelihood of credential compromise.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The guidance tells the agent to ask the user for a credential and store it persistently, but it does not require a clear user-facing warning that the token will be stored on disk, may persist across sessions, and could grant access to external services. That missing transparency undermines informed consent and can lead users to disclose sensitive bearer tokens without understanding the privacy and security consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.