Security audit

Simple Stock Query (股票简单查询)

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock quote helper whose network calls match its purpose, with some transparency and credential-hygiene caveats.

Install only if you are comfortable with stock symbols being sent to Tencent Finance or Finnhub. Prefer a version that removes the embedded Finnhub key, documents network permissions, narrows generic triggers, and pins the requests dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill clearly depends on external market data APIs, which implies network access, but it does not declare any corresponding permission or capability boundary. Undeclared network use weakens transparency and review, making it harder for operators and users to understand what external communication occurs and increasing the chance of silent data egress or unexpected remote dependencies.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The code contains a hard-coded Finnhub API token directly in source and uses it for live external requests. Even though fetching stock quotes is aligned with the skill’s purpose, embedding a reusable third-party credential in distributed code exposes the token to theft, abuse, quota exhaustion, and unauthorized billing or account impact.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger set includes very generic phrases such as '看看' ("take a look") and '多少钱' ("how much is it"), which are common in normal conversation and can activate the skill unintentionally. In an agent environment, accidental invocation can cause unintended network requests, context hijacking from a more relevant skill, or disclosure of user-entered stock symbols or company names to third-party data providers.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
A hard-coded credential is used in an outbound request without any disclosure to users that their stock symbol queries for U.S. equities are sent to Finnhub. This creates both a secret-management problem and a transparency/privacy issue, because user input is transmitted to an external party unexpectedly.

Overly Broad Trigger

Severity: Low
Category: Trigger Abuse
Confidence: 97%
Finding
The specific trigger '看看' ("take a look") is especially broad because it is a common conversational phrase with many non-financial meanings. This increases the chance of false activations, which can route user queries into the wrong skill and initiate unnecessary external lookups without clear user intent.

VirusTotal

60/60 vendors flagged this skill as clean.