Security audit

Tqsdk策略量化 (TqSdk Quantitative Strategies)

Security checks across malware telemetry and agentic risk

Overview

This is a real TqSdk trading strategy library, but it includes executable auto-trading scripts with embedded live-looking credentials and limited safety gating.

Review carefully before installing or running. Treat the included scripts as high-risk trading code: remove and rotate any exposed credentials, use environment variables or prompts for authentication, run only with TqSim/paper trading first, and do not connect to a live account without adding explicit live-mode controls, position limits, and stop/kill-switch behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (50)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The strategy uses `volume_long` and `volume_short` in trading decisions without ever initializing them from an actual position query. In a live or simulated trading loop this can cause crashes, undefined behavior, or incorrect order flow at the point where position-dependent safety logic should apply, making automated trading decisions unreliable and potentially unsafe.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code performs trading decisions based on `volume_long` and `volume_short`, but those variables are never initialized from actual account positions. This will either crash at runtime with a `NameError` or cause position-management logic to be absent/incorrect if later patched improperly, which is dangerous in an automated trading script because it can leave positions unmanaged or execute unintended trades.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The code uses `volume_long` and `volume_short` in trading decisions without ever retrieving or initializing them. This will raise a runtime exception or leave position handling undefined, which is especially dangerous in an automated trading strategy because it can disable exit logic and prevent intended risk controls from executing.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The code uses volume_long and volume_short in trading decisions without ever retrieving or initializing current position state. In practice this will either raise a runtime exception or cause the strategy to operate on undefined state, which can disable risk controls, prevent exits, or result in incorrect order placement in an automated trading context.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The strategy documentation states that when price breaks below GRID_LOW it should stop buying or optionally clear long positions, but the implementation has no lower-bound guard and will continue triggering buy logic on downward crossings. In a strongly falling market, this can accumulate losing long exposure beyond the documented risk model, creating avoidable financial loss and unsafe behavior for an automated trading skill.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The code reads position.volume_long to determine current holdings, but no position object is ever initialized, so this will raise an exception at runtime and break trading logic. In an automated trading context, a crash during live execution can leave orders or positions unmanaged, prevent risk controls like clearing on breakout, and cause significant operational and financial harm.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
This is a real defect with security and safety implications in an automated trading context. The code references `position.volume_long` and `position.volume_short` for stop-loss and end-of-day liquidation, but no position object is ever initialized (for example via `api.get_position(SYMBOL)`), so the risk-management path cannot operate as documented and the strategy may crash or fail to exit positions when needed.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The strategy hardcodes trading account credentials directly in source code via TqAuth("<redacted>", "<redacted>"). This exposes secrets to anyone with repository, log, backup, or distribution access and can enable unauthorized authenticated access to the trading platform, potentially leading to account misuse and financial loss. In the context of a simple VWAP strategy, embedding live credentials is especially unjustified and materially increases risk.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is a real logic flaw: outside of fresh reversal-entry signals, the code always calls set_target_volume(0), regardless of the current position. That means it will flatten on every bar after an entry instead of only closing positions that conflict with the detected trend, causing unintended exits, strategy malfunction, and possible financial loss from churn and missed trend exposure.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The comments describe side-specific exits, but the implementation calls set_target_volume(0) based only on whether price is above or below the middle band, without checking the current position direction. In practice this can immediately flatten any newly opened position on the next evaluation or close the wrong side relative to the documented strategy, causing unintended trade behavior and financial loss in live trading.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The strategy documentation promises PP-based stop-loss behavior for both long and short positions, but the implementation only opens positions and performs profit-taking at R1/S1. Missing stop-loss logic can leave positions open when price reverses through the pivot, causing materially larger-than-described losses and creating a mismatch between operator expectations and actual risk controls.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The strategy documentation says breakout decisions are based on the past N-day highest and lowest prices, but the implementation derives thresholds from closing prices only. In a live trading skill, this mismatch can materially change entry behavior, create false assumptions during review or backtesting, and lead operators to deploy a strategy with risk characteristics different from what was described.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The helper is labeled as ADX computation, but it uses ATR and returns a nonstandard derived value rather than a correct ADX. Because ADX is used as a gate for trade execution, this can cause systematically incorrect entries and exits, making the strategy behave unpredictably and potentially increasing financial loss in an automated trading context.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The file is framed as a strategy demonstration, but it initializes authenticated TqSdk components and contains live order-placement logic via insert_order calls. Even though it uses TqSim in this version, requiring credentials and embedding executable trading behavior increases the risk that a user runs it believing it is educational or analysis-only, and similar code could be switched to live trading with minimal changes.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The file presents itself as a learning/backtest strategy, but the code initializes authenticated TqApi access with TqAuth and uses order-placement calls that can execute real trades if connected to a live-capable environment. That mismatch is dangerous because a user may run the script expecting harmless analysis or simulation and instead submit market orders, causing financial loss or unintended account activity.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The strategy documentation and comments state that entries should require a true Tenkan/Kijun crossover, but get_signal() only checks the current ordering of the two lines. In an automated trading skill, this semantic mismatch can generate repeated or stale buy/sell signals after the crossover event has already passed, causing unintended trades and materially increasing financial risk.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code claims to compute Chikou Span as the current close shifted backward, but instead stores the close from 26 periods ago. Because the strategy uses this value for trade confirmation, the implementation inverts the intended Ichimoku logic and can approve or reject trades based on incorrect historical comparisons, directly affecting live trading behavior.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The strategy stores hedge positions by pair key `(symbol_a, symbol_b)`, but `update_positions` replaces that model with raw account positions keyed by individual symbol. This can corrupt internal state, causing the strategy to mis-detect whether a hedge is open, fail to close both legs correctly, or issue duplicate/unbalanced orders that leave unintended directional exposure.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The strategy documentation promises a 2% daily-loss reduction mechanism, but the code never tracks equity, PnL, or enforces any stop-loss/de-risking action. In an automated trading context, this mismatch can cause operators to rely on protections that do not exist, leading to unmanaged losses during adverse market moves.

Intent-Code Divergence

High
Confidence
90% confidence
Finding
The stated confidence threshold is 60%, but the implemented scoring makes valid trade signals effectively unable or extremely unlikely to satisfy that threshold, causing strategy behavior to diverge from documented controls. In an automated trading context, broken or misleading risk gating is dangerous because operators may believe a safeguard exists when it does not function as intended.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The strategy documentation states it uses daily K-line data, but the implementation subscribes to tick data with get_tick_serial and then processes it as if it contained OHLC bars. In an automated trading context, this mismatch can cause factor calculations, rebalance timing, and resulting orders to be based on the wrong data granularity or invalid fields, creating materially incorrect trades and financial loss.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file embeds live-looking trading account credentials directly in source code via TqAuth("<redacted>", "<redacted>"). Hardcoded secrets are dangerous because anyone with repository, log, artifact, or deployment access can reuse them to access the trading account, potentially placing trades, exfiltrating account data, or causing financial loss.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains hard-coded trading account credentials directly in source code. Anyone who can read the repository, logs, backups, or deployment artifact can recover them and potentially access the trading account, leading to unauthorized trading activity, account abuse, or exposure of account data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code automatically places and flips trading positions via `TargetPosTask.set_target_volume(...)` based on MACD signals, but provides no explicit runtime warning, confirmation gate, or safeguard distinguishing simulation from live trading. In a trading skill, automated order execution is inherently high-risk because a user could run the strategy with real credentials or a live account and trigger unintended market orders, losses, or rapid position reversals.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Embedding authentication placeholders directly in source code normalizes credential-in-code practices and encourages users to replace them with real secrets in the file. That increases the chance of accidental credential leakage through version control, logs, screenshots, or code sharing.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.