Hk Stock Radar

Security checks across malware telemetry and agentic risk

Overview

This market-data skill is mostly coherent, but it asks the agent to use a logged-in X/Twitter browser session without clear consent or account-safety boundaries.

Install only if you are comfortable with the agent making external market/news requests. Do not allow it to use a logged-in X/Twitter browser session unless you explicitly want account-context searches; prefer unauthenticated sources or require read-only, user-approved browsing for social sentiment checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill embeds executable Python and shell usage patterns plus multiple outbound network calls, but declares no permissions or guardrails. In an agent environment, this creates hidden capability expansion: the skill can reach external services and invoke local commands without transparent consent, which increases the risk of unintended data egress, unsafe execution, and policy bypass.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared behavior does not accurately match the implemented and suggested behavior: AkShare is used despite not being clearly disclosed, while claimed Yahoo Finance, Google News RSS, and X/Twitter monitoring are not actually implemented in code. This mismatch is dangerous because reviewers and users cannot reliably understand what the skill really does, making hidden data access, over-broad invocation, or future unsafe extensions easier to slip through.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are very broad and overlap with ordinary financial conversation, so the skill may activate in contexts where the user did not intend external market lookups or sentiment checks. In agent systems, ambiguous invocation increases the chance of unnecessary network access, surprising behavior, and unintended use of privileged browsing or account-backed actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs use of a logged-in X/Twitter account for monitoring without any user-facing notice or consent boundary. In a browser-enabled agent, this can expose private session context, leak browsing metadata, trigger account-linked activity, or cause access to personalized content under the operator's identity, which is substantially more dangerous than anonymous web fetching.

VirusTotal

66/66 vendors flagged this skill as clean.
