Unbeatable Condor Strategy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed market-data options signal tool, but its outputs should be treated as risky trading analysis rather than financial advice.

Install only if you want a local public-market-data options signal tool. Treat any strike recommendations as informational and independently validate them before risking money, especially because short options and condors can create substantial losses and the skill does not place trades or verify suitability for your account.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The skill’s declared purpose is a simple daily threshold check, but the documented behavior expands into downloading market data, training ML models, forecasting next-day price ranges, and producing specific options trade recommendations. This mismatch is dangerous because users and calling agents may grant trust, permissions, or automation scope based on the narrow description while the skill actually performs materially more complex and risk-bearing financial analysis.

VirusTotal

No VirusTotal findings

View on VirusTotal