Valu Ai

Security checks across malware telemetry and agentic risk

Overview

This is a stock valuation skill whose network calls, DeepSeek API use, quota tracking, and report saving fit its stated purpose, though users should understand the privacy and local-storage implications.

Install only if you are comfortable using a DeepSeek API key and sending selected stock symbols plus assembled public market, financial, and news context to DeepSeek. Avoid using sensitive personal identifiers as the user ID, because quota and usage history are stored locally in plaintext. Review Python dependencies before running the scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill advertises significant capabilities such as environment access, file read/write, and network use without declaring corresponding permissions. This undermines least-privilege controls and prevents users or the hosting platform from understanding what sensitive resources the skill may access, creating risk of unintended data exposure, local persistence, or outbound exfiltration.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The documented purpose does not match the reported behavior: the skill appears to include quota/payment logic, local data persistence, external LLM calls, news retrieval, and an interactive CLI beyond the stated valuation function. Hidden or under-disclosed behavior is security-relevant because it can cause users to expose data to third parties, incur charges, or allow the skill to store and process information in ways they did not consent to or expect.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The skill sends compiled stock, financial, and company-context data to an external AI API via requests.post, but the skill metadata does not disclose third-party transmission. This creates a data-governance and privacy risk because users may reasonably assume analysis is local, while their inputs and derived data are actually exported to an external service.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The module stores user identifiers and usage history in a local JSON file without any visible consent flow, disclosure, or protective controls in this code path. While not an exploit primitive by itself, this creates privacy and data-handling risk because sensitive usage metadata may be collected and retained silently, and local flat-file storage is easier to expose or mishandle than a protected datastore.

VirusTotal

67/67 vendors flagged this skill as clean.