Security audit

AIOS

Security checks across malware telemetry and agentic risk

Overview

This is a local trading-discipline assistant that calculates risk and records trade logs, with no evidence of exfiltration, credential access, destructive behavior, or hidden execution.

Install only if you are comfortable storing trading plans and account-related details in local cleartext files under a workspace logs directory. Avoid using it in shared, public, or automatically synced folders unless you are comfortable with that exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The trigger phrases are broad enough to activate on ordinary investing conversations, which can cause the agent to enter a workflow that collects detailed financial information and encourages tool use without clear user intent. In a finance-related skill, overbroad activation is more sensitive because it may steer users into logging or decision workflows unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The workflow trigger uses generic natural-language phrases like '我要买XXX' ("I want to buy XXX") and '交易检查' ("trade check"), which may capture casual discussion rather than an intentional request to execute a structured process. Because the skill can invoke Bash and persistent logging, accidental triggering increases the chance of unnecessary data handling or unwanted operational actions.

Vague Triggers

Severity: Low
Confidence: 78%
Finding:
Several sub-workflow triggers such as '复盘' ("trade review"), '加仓' ("add to position"), or '交易日志' ("trade log") are generic enough to match routine conversation and may invoke workflows or recommendations unexpectedly. The danger is moderated by the largely advisory nature of the skill, but it still creates avoidable privacy and consent risks when combined with file writes.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill directs persistent storage of detailed trade logs, including ticker, price, reasons, stop-loss, target, emotional state, and notes, but provides no user-facing warning about retention, sensitivity, or where the data is stored. In a personal finance context this is meaningfully sensitive behavioral and financial data, and the manual shell append pattern also risks unsafe handling of unescaped user content.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The trade log stores sensitive financial activity, symbols, prices, targets, and notes in cleartext local files under the current working directory without any disclosure, consent, access controls, or retention safeguards. In an agent/skill context, this is more dangerous because the script may run in shared workspaces or synced directories, causing unintended exposure of private trading history to other local users, processes, backups, or downstream tooling.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding:
The `status` command prints recent trades directly, which can disclose sensitive financial history to anyone with terminal visibility, shell logging, captured agent output, or surrounding orchestration logs. In this skill context, agent-mediated command output may be surfaced to other systems, making accidental disclosure more plausible than in a purely local interactive utility.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.