Security audit

Portfolio Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill openly manages a virtual trading portfolio, including virtual buy/sell actions, with disclosed but important cautions around external data fetching and confirmation before trades.

Install only if you want an agent that may change a virtual-trading portfolio when asked to optimize, rebalance, or execute the strategy. For tighter control, require the agent to show proposed trades and wait for explicit approval before placing orders, verify the external analysis repository before pulling it, and periodically review or clear strategy_state.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The skill directs the agent to run `git pull`/`git clone` against an external repository during normal execution, which expands behavior from portfolio analysis into unbounded network and code/content retrieval. Even if the repo is intended only as data, fetching remote content at runtime introduces supply-chain risk, prompt injection through repository files, and unauthorized network side effects not clearly constrained by the skill scope.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The trigger phrases are broad generic investment requests such as 'optimize portfolio' or 'execute strategy,' which can cause the skill to activate in contexts where the user did not specifically consent to automated trading actions. Because this skill can place buy/sell orders, ambiguous triggering raises the risk of unintended execution rather than merely giving advice.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill instructs the agent to create or overwrite `strategy_state.md`, establishing persistent state modification without clear user-facing disclosure or consent. Silent file writes can create hidden memory, alter future behavior, and make the skill stateful in ways the user may not expect, which is especially risky for a trading workflow where past state influences later decisions.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding:
The instructions include networked Git operations but do not warn the user that execution may access remote systems and import external content. In a skill that also performs trading actions, undisclosed network access increases the danger because fetched content can influence financial decisions and creates side effects beyond the user's visible request.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The document explicitly describes how to place buy and sell orders, including a market-order example, but provides no warning that these actions can execute real trades, incur losses, or require explicit user confirmation before order placement. In a portfolio-optimization skill whose purpose is to buy, sell, and rebalance assets, this omission increases the chance that an agent will treat order execution as routine and perform financially impactful actions without adequate safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.