Back to skill

Security audit

Factorlab

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed A-share factor-analysis tool, but users should treat its buy signals cautiously because it can fall back to simulated market data.

Install only if you understand this is a research/scoring helper, not financial advice. Check every result’s data source: if it says simulated data, do not treat the buy recommendation as market-based. Prefer using it with live pytdx data enabled, and avoid relying on it for non-A-share securities or real trading decisions without independent verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The engine presents concrete stock buy recommendations while silently falling back to simulated data when live data is unavailable. In a financial-advice skill, this is dangerous because users may believe recommendations are based on real market conditions and make trading decisions on fabricated inputs, creating material financial harm and misleading-output risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to activate on common investing questions, which can cause the skill to run in situations where the user did not specifically request this methodology or where a safer, more general response would be preferable. Overbroad activation increases the chance of inappropriate tool use, misleading advice framing, or accidental execution of analysis workflows on loosely related prompts.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation scenarios specify when to use the skill but do not define when not to use it, creating ambiguity that can cause over-invocation on unsuitable requests. In a financial context, unclear boundaries are more dangerous because they can lead to authoritative-sounding stock recommendations outside the intended scope, including unsupported markets, insufficient data cases, or general advice requests.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill content is written to operate in Chinese and appears to assume Chinese-language interaction without documenting locale constraints or user preference handling. This is not a severe security issue, but it can create consent, usability, and misunderstanding risks if the skill activates for users expecting another language or market context.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code connects to external quote servers and retrieves live market data without any user-facing notice, consent flow, or disclosure. In an agent skill context, undeclared network access can violate user expectations, policy boundaries, or deployment constraints, and it obscures where decision-critical data is coming from.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.