Back to skill

Security audit

Xueqiu Hot Cn

Security checks across malware telemetry and agentic risk

Overview

This skill is non-destructive, but it presents finance-related Xueqiu hot discussions as current while its script returns fixed mock posts.

Install only if you are comfortable treating the output as demo/sample market discussion data. Do not rely on it for current Xueqiu sentiment, trading research, or investment decisions unless the publisher clearly implements live retrieval, adds freshness/source labeling, and narrows activation to explicit Xueqiu requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises itself as a Xueqiu hot-discussions monitor, but the implementation returns only static mock data. This is a deceptive capability mismatch that can mislead users or downstream agents into making decisions based on fabricated market content presented as current information.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The module and function documentation imply that the script retrieves real-time Xueqiu content, but the code uses fixed simulated entries. In a financial-monitoring context, this increases risk because consumers may trust the output as live market sentiment or investment discussion data when it is not.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes very broad terms like '股票' and '投资', which are common in ordinary finance conversations and can cause the skill to activate unintentionally. In an agent environment, this increases the chance of over-triggering on unrelated user requests, leading to incorrect tool use, unnecessary external data access, and degraded trust in agent behavior.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal