Security audit

Market Sentiment Radar

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it can give concrete trading exposure advice while some market sections appear to be hard-coded or under-sourced.

Install only if you want a non-personal market commentary aid. Verify market, sector, and macro claims independently, treat the position sizing as educational rather than advice, and do not let this or linked trading tools place trades or manage real money without explicit human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill’s documented behavior does not align with its apparent operational model: it implies live market, sector-flow, and cross-market analysis while the finding indicates undeclared external data access and some analyses may be based on fixed placeholder outputs. In a financial decision-support context, this can mislead users about data freshness, provenance, and accuracy, causing inappropriate trading decisions and violating least-surprise and permission transparency expectations.

Missing User Warnings

Medium
Confidence: 95%
Finding: The document gives direct, aggressive trading instructions such as urging users to 'immediately get on board' and increase exposure substantially, without any risk disclosure, suitability caveat, or statement that the material is not financial advice. In the context of a skill explicitly designed to tell users whether they should trade and what position size to take, this can unduly influence financial decisions and increase the likelihood of monetary loss.

Missing User Warnings

Medium
Confidence: 94%
Finding: The case studies recommend concentrated actions like 'heavy position attack' and specific staged increases in exposure, but they do not disclose that these are retrospective examples, may not generalize, and can produce significant losses if copied in live markets. Because the surrounding skill is meant to generate a market health report and guide downstream trading behavior, these examples function as actionable prompts rather than neutral education.

VirusTotal

64/64 vendors flagged this skill as clean.
