Sun Yuchen's stock selection model

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates stock and sector reports from public market/news data, with no evidence of hidden data theft, destructive behavior, or deceptive execution.

Install only if you are comfortable with local Node.js scripts making outbound requests to public market/news services. If you provide TAVILY_API_KEY, use a key intended for this tool. Treat outputs as informational market commentary, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill declares no explicit permissions, yet its documented workflow invokes Node.js scripts that use environment variables and perform network access to fetch market data, news, and external search results. This weakens transparency and security review because operators and users cannot accurately assess what capabilities the skill requires before activation.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The documented purpose centers on sector research reports, but the skill also describes AI-specific news brief generation and abnormal-movement monitoring with periodic polling. This scope expansion can cause users or platform reviewers to approve the skill under a narrower trust model than its actual behavior, especially because continuous monitoring and watchlist tracking materially change runtime behavior and data access patterns.

Vague Triggers

Medium
Confidence: 81%
Finding
The invocation examples are broad, natural-language finance queries without clear activation boundaries, which can cause the skill to trigger on loosely related user requests. In an agentic environment, ambiguous triggering can lead to unnecessary external requests, unintended script execution, or finance-oriented output when the user did not intend to invoke this skill.

VirusTotal

66/66 vendors flagged this skill as clean.
