Back to skill

Security audit

Ask a Legend

Security checks across malware telemetry and agentic risk

Overview

This trading-analysis skill is not clearly malicious, but it automatically installs and updates external code and stores an optional API key in local files, which users should review before installing.

Install only if you are comfortable with the skill cloning and updating external GitHub repositories, installing Python packages, using local MT5/TradingView data access, and keeping a TradingView key in ~/.tlc/.env. Prefer entering secrets directly into the local file rather than chat, review the upstream repositories and setup script first, and remove the ~/.tlc configuration if you no longer want the persistent state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill does substantially more than its stated purpose of providing trading analysis: it clones/updates external repositories, installs packages, and creates persistent local configuration and secret files. That expands the trust boundary from simple analysis to code execution and environment modification, creating supply-chain and local-state risks that are not clearly disclosed in the skill description.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs collection and persistent storage of a TradingView API key in a shared .env file, despite the public description presenting the skill as a narrow analysis helper. Handling secrets introduces confidentiality and misuse risks, especially when the key may be transmitted through chat or stored on disk without clear retention, access, or redaction controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill automatically clones or updates a repository and installs dependencies during routine use, but the manifest does not prominently warn about these side effects. This can surprise users and exposes them to remote code execution through setup scripts and dependency installation from external sources.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs users to provide and persist a TradingView API key without a prominent privacy warning in the manifest. Even if intended for legitimate functionality, collecting secrets without clear disclosure increases the chance of accidental exposure, oversharing in chat, or insecure local storage.

Credential Access

High
Category
Privilege Escalation
Content
subtler form of fabricating data.

## 0b. First-run setup (auto-configure — runs ONLY when config is missing)
Still inside `$TLC_HOME`, check for config: `ls .env config.yaml 2>/dev/null`.
- **Both present → already configured. Continue to §1, and do NOT re-prompt for
  anything** (including a TV key): if TradingView is enabled but `.env` has no
  `TVR_API_KEY`, say so **once**, only the first time a TV symbol is actually
Confidence
84% confidence
Finding
.env

Self-Modification

High
Category
Rogue Agent
Content
into this call. Re-assert `cd "$TLC_HOME"` + the PATH export in `terminal` and
  retry there. **Never** let such an error override data you already fetched
  successfully earlier in the same conversation — reuse that data, don't discard it.
- **Read and write this skill's files in `terminal` too** — temp `frames.json`/
  `packet.json`/`ballot.json`, spec files, `config.yaml`/`.env`. Every path here
  is relative to `$TLC_HOME`; if you use any other tool for a file, give it the
  **absolute** path under `$TLC_HOME`, or the next terminal command won't find it.
Confidence
86% confidence
Finding
write this skill's

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.