Back to skill

Security audit

AI全栈量化 Master

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine quant-trading guide, but it needs Review because it describes live automated trading and external bot integrations without enough safety gates.

Install only if you are prepared to treat it as a high-impact trading automation guide. Use paper or simulated trading first, verify remote installers before running them, keep QMT and Feishu credentials out of chats and repositories, grant the minimum bot permissions, and require explicit human approval plus hard exposure/order limits before any live order is placed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly advertises live trading and order placement capabilities but does not clearly warn users that actions may reach a real brokerage account and place live orders. In a trading context, omission of an execution-risk warning is safety-relevant because users may confuse examples, automation, or testing steps with paper trading and incur immediate financial loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill promotes 7×24 unattended automated trading without a clear warning about operational, financial, and account-level risks from autonomous execution. Continuous unattended operation increases the blast radius of software bugs, bad signals, credential misuse, or market anomalies because losses can accumulate before a user intervenes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation steps instruct users to execute remotely fetched scripts via PowerShell and shell piping without any integrity verification or warning. This is dangerous because compromise of the source, transport, DNS, or repository could result in immediate arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs users to configure Feishu application credentials but does not clearly warn that these values are secrets that must not be committed, shared, or logged. Poor secret-handling guidance can lead to credential leakage, unauthorized bot control, and lateral access to messaging or workflow integrations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes executing buy/sell trades and pushing reports to an external Feishu group as part of the normal workflow, but it does not require explicit user confirmation, authorization checks, dry-run mode, or other safeguards for these high-impact actions. In an agent setting, this creates a real risk of unauthorized financial transactions or unintended external disclosure if the workflow is triggered automatically or misused.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document describes an automated workflow that reads local signal files, writes stage files locally, pushes reports to Feishu, and can execute trades via an execution agent, but it does not include explicit confirmation gates, scope limitations, or user-facing warnings about real-world side effects. In a multi-agent trading context, this is dangerous because readers may implement autonomous execution and messaging behavior that can modify systems or place financial trades without adequate human approval.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide tells users to configure sensitive credentials such as API keys and an App Secret, but it does not warn them to keep these values out of screenshots, chat logs, shell history, or version-controlled config files. In a deployment guide for an agent framework, this omission increases the likelihood of accidental secret exposure, which could allow unauthorized API usage or bot takeover.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The Windows installation instructions pipe a remote PowerShell script directly into iex, which executes code fetched over the network without review or integrity verification. This is dangerous because a compromised upstream URL, repository, DNS path, or TLS-terminating environment could lead to arbitrary code execution on the user's machine, and the guide even encourages running it as Administrator.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide instructs users to grant multiple Feishu bot permissions, including message and document-related scopes, without explaining the resulting access to organizational data or the privacy implications. In the context of an always-on multi-agent system, broad bot permissions can expose chat content, metadata, and documents to unintended processing or exfiltration if the bot, plugin, or host is compromised.

Vague Triggers

High
Confidence
90% confidence
Finding
The trading skill example includes highly ambiguous triggers like '买入股票' and '卖出持仓' for actions that can directly affect financial accounts. In a skill ecosystem where natural-language invocation may map loosely to actions, underspecified triggers increase the risk of accidental or unauthorized trade execution.

Missing User Warnings

High
Confidence
95% confidence
Finding
This section describes account queries and buy/sell capabilities for a trading skill but provides no warnings about financial risk, no confirmation requirements, and no safeguards for destructive actions. In the context of an agent skill system, presenting transactional capabilities without explicit safety controls materially increases the chance of harmful real-world actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.