Real-Time Stock Quote Analyzer (Secure Edition)

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is coherent and user-directed, but users should handle its financial-data and email credentials carefully.

Install only if you are comfortable using AkShare/JQData and optional QQ or Gmail SMTP credentials. Use a virtual environment, provide credentials through environment variables where possible, use app-specific email passwords, review reports before sending, and note that jq_login.py stores the account phone identifier locally while send_email.py currently expects the recipient address to be the sending mailbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill documentation describes use of environment variables, shell commands, and report generation/email workflows, but no explicit permissions are declared for those capabilities. This creates a trust and sandboxing gap: a caller or platform may underestimate what the skill can access or modify, increasing the risk of unintended file access, shell execution, or secret exposure during operation.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The stated description focuses on stock quotes, basic fundamentals, report generation, and email sending, but the skill also appears to support interactive JQData account configuration, credential display/clearing, login testing, quota checks, and additional financial statement retrieval. This mismatch broadens the operational and data-handling surface beyond what a user would reasonably expect, which can lead to surprise credential processing or access to account-related information under a narrower-seeming description.

Intent-Code Divergence (Medium)
Confidence: 96%
Finding: The script treats the --to argument as both the sender identity and the recipient, so it logs in as and sends to the same address. In a skill context, this can misroute sensitive stock reports, break expected delivery semantics, and encourage users to supply mailbox credentials for arbitrary recipient addresses, creating confusion and possible credential misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
