Back to skill

Security audit

Forge a Trading Legend

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for creating and testing trading strategy personas, but it automatically changes the local environment and may store an API key, so users should review it before installing.

Install only if you are comfortable with the skill running terminal setup, cloning or updating GitHub repositories under ~/.tlc, installing Python dependencies, touching MT5/TradingView configuration, and storing an optional TradingView API key in a local .env file. Prefer reviewing the referenced repositories and setup script first, and avoid sending API keys through chat unless you trust the channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill's declared purpose is to author and audition a trading persona, but its bootstrap also clones/updates external repositories and installs dependencies on the host. That expands the trust boundary from document generation into arbitrary supply-chain code execution, which can expose the system to malicious updates, post-install hooks, or unexpected host changes without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to collect, persist, and manage a TradingView API key in a local .env file even though the advertised purpose is strategy authoring. Secret handling broadens the capability scope and creates risk of credential disclosure, insecure storage, or over-collection if the user did not expect the skill to request and retain API credentials.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill directs cloning repositories, installing dependencies, editing configuration, and later storing secrets, but it does not present an upfront warning to the user that system state and credentials may be affected. This increases the chance that a normal content-generation request leads to unexpected host modification and trust escalation.

Credential Access

High
Category
Privilege Escalation
Content
subtler form of fabricating data.

## 0b. First-run setup (auto-configure — runs ONLY when config is missing)
Still inside `$TLC_HOME`, check for config: `ls .env config.yaml 2>/dev/null`.
- **Both present → already configured. Continue, and do NOT re-prompt for
  anything** (including a TV key): if TradingView is enabled but `.env` has no
  `TVR_API_KEY`, say so **once**, only the first time you audition on a TV symbol
Confidence
95% confidence
Finding
.env

Self-Modification

High
Category
Rogue Agent
Content
into this call. Re-assert `cd "$TLC_HOME"` + the PATH export in `terminal` and
  retry there. **Never** let such an error override data you already fetched
  successfully earlier in the same conversation — reuse that data, don't discard it.
- **Read and write this skill's files in `terminal` too** — the draft spec at
  `my_legends/<id>.md`, temp `ballot.json`, `config.yaml`/`.env`. Every path here
  is relative to `$TLC_HOME`; if you use any other tool for a file, give it the
  **absolute** path under `$TLC_HOME`, or the next terminal command won't find it.
Confidence
88% confidence
Finding
write this skill's

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.