Ashare Fast Watcher

Security checks across malware telemetry and agentic risk

Overview

This market watcher is not clearly malicious, but it includes underdocumented scanners, continuous polling, and shell-based local notifications that users should review before running.

Install only if you are comfortable reviewing and controlling the scripts yourself. Avoid running daemon.py as-is on a workstation until shell notifications are replaced with a safer API, polling behavior is made explicit and stoppable, dependencies are pinned, and the financial-alert behavior is clearly documented. Treat outputs as informational signals, not trading instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill metadata declares no permissions, yet the analyzed capability set indicates network and shell access. That creates a transparency and trust problem: users and hosting platforms may approve the skill believing it is low-privilege when it can actually reach external services or execute local commands.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill description materially understates and misrepresents behavior, including broader market scanning, alternate data sources, local notifications, and different polling characteristics. This mismatch is dangerous because it prevents informed consent and can hide higher-risk functionality, making it easier for unexpected data access, monitoring, or local system interaction to slip past review.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill polls Tencent market data over plain HTTP, which exposes queried instrument codes and response contents to passive observation and allows on-path tampering by a local network attacker or hostile proxy. In this trading-alert context, manipulated responses could trigger false alerts or suppress real ones, so the issue is more meaningful than a generic telemetry disclosure even though the transmitted symbols are not highly sensitive by themselves.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal