Back to skill

Security audit

Polaris

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the advertised market and news tools, but it understates that user queries, portfolio holdings, strategies, URLs, and report requests are sent to its remote API.

Review this before installing if you may enter sensitive financial holdings, trading strategies, research queries, or private URLs. The service behavior is broadly purpose-aligned, but treat the no-user-data/read-only claims as unreliable until the publisher documents exactly what is transmitted, logged, retained, and sent through alerts or webhooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header comment states that all requests are read-only and use only public endpoints, but the implementation issues multiple POST requests that submit user-provided data for generation, crawling, screening, backtesting, portfolio analysis, correlation, and report generation. This is a trust and transparency flaw: users and integrators may make security and privacy decisions based on inaccurate claims, causing them to unknowingly send prompts, URLs, holdings, and other inputs to remote services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The /portfolio command collects user portfolio holdings and transmits them to a remote API without an explicit warning at the point of collection. Portfolio composition can be sensitive financial information, so silent transmission increases privacy risk and may violate user expectations created by the skill's lightweight command interface.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The /crawl command sends an arbitrary user-supplied URL to a remote crawling endpoint without a specific warning. This can expose sensitive internal, pre-release, or private-by-obscurity URLs to a third party, and users may not realize the skill is delegating retrieval and extraction to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises an alerting feature with webhook delivery but does not disclose that user-supplied alert data may be transmitted to an external endpoint. This creates a privacy and data-handling risk because users may configure notifications without understanding that ticker selections, thresholds, or other usage metadata could leave the platform and be sent to third-party infrastructure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.