Back to skill

Security audit

Tigerbrokers

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tiger Brokers API skill, but it needs Review because it guides AI tools toward live brokerage actions while some credential, MCP, and order examples are not tightly scoped or warned.

Install only if you intentionally use Tiger Brokers APIs. Keep MCP read-only by default, use paper trading first, never store production private keys or 2FA tokens in project/editor config files, and require explicit human confirmation before any live order, modification, cancellation, forex order, or fund transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill auto-activates on very broad everyday terms such as buy, sell, price, account, and order, which can cause it to trigger in unrelated conversations. In a trading skill, unintended activation is more dangerous than usual because it can steer an agent toward market-data retrieval or trading-oriented actions in contexts involving financial decisions, increasing the chance of unsafe or undesired assistance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation exposes live trading actions (`place_order`, `cancel_order`) in an AI-integrated MCP server without a prominent, upfront safety warning that these tools can execute real orders unless read-only mode is enabled. In the context of AI editors and tool-calling agents, this increases the risk of accidental or unauthorized trade execution because a user may enable the server with write-capable credentials and not realize the operational consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes copy-pastable examples for placing live option orders, including multi-leg strategies, but does not include prominent warnings about financial risk, live execution effects, account permission checks, or recommending paper/simulated trading first. In an AI-agent skill context, this increases the chance that an assistant will generate or execute trading code too readily, potentially causing unintended real-money trades or significant losses.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation gives multiple examples of placing brokerage credentials and RSA private keys directly into config files, environment variables, and source code strings, but it does not clearly warn against committing these secrets, exposing them via shell history/process listings, or storing them insecurely. In a trading SDK context, leaked credentials and signing keys could enable unauthorized API access, account data exposure, or potentially trading actions, making this materially dangerous.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The quickstart walks users through creating a live TradeClient and retrieving real account and position data, while describing funded live accounts as recommended, without a prominent warning that the same setup can act on real brokerage accounts. In an AI-agent skill, this increases the chance that users or automated tools connect to production accounts unintentionally and later issue live trading operations instead of using paper accounts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.