Back to skill

Security audit

Quant Trading CN

Security checks across malware telemetry and agentic risk

Overview

This is mostly a trading guidance skill, but it points users toward missing or unreviewed trading scripts and live broker workflows that could affect real money.

Review before installing. Do not run the referenced scripts or clone-and-run the upstream project unless you separately inspect that code. Treat any generated bot as untrusted until tested in paper/backtest mode, keep broker credentials out of shared files, set strict capital and risk limits, and require explicit confirmation before any live order placement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The README frames the skill as advisory, but the documented behavior goes beyond passive guidance into generating complete live-trading bots, integrating with broker APIs, and offering automatic code changes. This mismatch can cause users to grant the skill more trust and autonomy than intended, increasing the chance of unsafe code generation or operational misuse in a financial context.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The disclaimer claims the skill does not execute trades without user confirmation, yet the rest of the documentation promotes live-trading system generation, broker credential setup, and operational workflows for real trading. That inconsistency is dangerous because it may mislead users about the degree of automation and risk, especially when handling brokerage integrations and code that could be deployed with minimal review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.