Us Stock Radar Gold3bear

Security checks across malware telemetry and agentic risk

Overview

This is a stock-market lookup skill that uses public finance and news sources, with no evidence of credential theft, persistence, or destructive behavior.

Install this only if you are comfortable with ticker symbols and market questions being sent to public finance, news, and social-search services. Treat outputs as informational market data, not financial advice, and verify Python dependencies before running the scripts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill embeds executable Python and shell usage that perform outbound network requests and local command execution patterns, but it does not declare permissions accordingly. This creates a trust and enforcement gap: a platform or reviewer may underestimate what the skill can do, and if execution is allowed later, the skill could access external resources without explicit user or platform consent.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 78% confidence
Finding: The declared description says the skill monitors US market quotes and sentiment via Yahoo Finance, Google News RSS, and X/Twitter, but the body also includes additional data collection workflows for NY Fed and FRED and references broader tooling/stock dashboards. Even if financially relevant, undeclared behavior increases the attack surface and can mislead users and reviewers about which third parties are contacted and what data the skill processes.

Vague Triggers

Medium

Confidence: 72% confidence
Finding: The trigger phrases are broad terms such as general questions about the US market, indices, and futures, which can cause the skill to activate during ordinary conversation where the user did not actually request external lookups or this specific workflow. Over-broad invocation can lead to unnecessary network access, unexpected tool usage, and confusing or privacy-impacting behavior in benign chats.

Natural-Language Policy Violations

Medium

Confidence: 80% confidence
Finding: The skill description is written to enforce Chinese-language behavior regardless of user preference, which can create misleading or non-consensual behavior and may cause the agent to respond in an unexpected language. While not a classic security flaw, forced-language behavior is a policy and UX safety issue because it overrides user intent and can obscure what external actions the skill is taking.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal