Back to skill

Security audit

modern-portfolio-theory

Security checks across malware telemetry and agentic risk

Overview

The skill is generally aligned with portfolio management, but its portfolio deletion path has weak safeguards that could permanently remove more local data than intended.

Install only if you are comfortable with a local portfolio tool that can write persistent config, state, cached price data, reports, and optional cron jobs. Avoid using the delete command, especially --force, until the package validates portfolio names/paths and requires a clear confirmation. Use environment-variable placeholders for SMTP credentials rather than plaintext passwords in config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This command performs recursive deletion of the entire portfolio directory via shutil.rmtree, and the --force flag bypasses the confirmation guard. In an agent or automated context, destructive functionality materially increases risk because a mistaken or manipulated invocation can cause irreversible local data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented delete command allows removal of a portfolio without any stated warning, preview, or confirmation requirement in the skill guidance. In a skill that manages on-disk portfolio configs, reports, and history, this creates a real risk of accidental or socially engineered destructive actions leading to irreversible data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code serializes the full email configuration, including smtp_password, into portfolios/<name>/config.yaml. Persisting credentials to disk increases exposure through accidental commits, backups, overly broad file permissions, shared workspaces, or local compromise; in a portfolio-management skill, those SMTP credentials could be abused to send mail as the user or access related mail infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
mpt_portfolio/config.py:80