Security audit

Trading_Agents_for_Futures

Security checks across malware telemetry and agentic risk

Overview

This is a futures-market analysis skill that downloads public market data and writes local reports, with no evidence of account access, credential theft, exfiltration, or destructive behavior.

Install it in an isolated Python environment, expect outbound public market-data requests and local cache/report files, and pin or audit dependencies before serious use. Do not allow automatic web searches to include confidential portfolio, client, or strategy details, and treat its trading outputs as decision support rather than executable financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises broad operational behavior including shell execution, filesystem access, environment access, and network retrieval, yet does not declare permissions. This creates a transparency and consent problem: a host agent or reviewer may assume a lower-trust profile than the skill actually needs, increasing the chance of unintended execution with excessive capability.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is described as a 'zero API key, pure rule engine', but the documented behavior depends on online data fetching, external websites/services, and automatic dependency installation. This mismatch can mislead operators into trusting it as offline/local-only logic, when in reality it expands the attack surface to network exfiltration, supply-chain risk, and runtime code execution during setup.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The long-side risk check looks for skill names `inventory` and `positioning`, but the rest of the code uses `inventory_analysis` and `positioning_analysis`. This causes bearish signals from those core dimensions to be missed during risk scoring, which can systematically understate risk and produce larger-than-intended positions or approvals in a trading decision engine.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
This is a real defect with security relevance because the rule engine references an undefined variable `structure` inside warehouse-receipt analysis branches. If those branches execute, the skill raises a runtime exception, falls into the broad `except`, and degrades analysis output; in an automated trading pipeline this can suppress or distort signals and create a denial-of-service style failure of decision support. The trading-skill context makes this more dangerous than a generic bug because failed or silently degraded analysis may influence financial decisions.

Known Vulnerable Dependency: pyarrow — 8 advisories: CVE-2023-47248 (PyArrow: Arbitrary code execution when loading a malicious data file); CVE-2019-12408 (Missing Initialization of Resource in Apache Arrow); CVE-2019-12410 (Missing Initialization of Resource in Apache Arrow) +5 more

Critical
Category
Supply Chain
Confidence
89% confidence
Finding
pyarrow

Known Vulnerable Dependency: pyyaml — 8 advisories: CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
87% confidence
Finding
pyyaml

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
requests

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.