Gold Fundamental Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed gold-market data fetcher/analyzer, with manageable risks around outbound requests, financial-use reliance, and an exposed FRED API key.

Before installing, expect the script to contact FRED, CFTC, SSGA, the Federal Reserve, and faireconomy.media for live data. Do not treat its output as financial advice, and do not supply a sensitive or shared FRED key unless you are comfortable with it being sent to FRED. The publisher should remove and rotate the exposed default key and pin dependencies, but the reviewed artifacts do not show hidden, destructive, or purpose-incompatible behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run a Python script that uses network access and environment variables, but the skill does not declare those permissions or clearly scope them. This creates a transparency and consent problem: operators may execute a skill believing it is metadata-only while it actually performs external requests and consumes secrets from the environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior does not fully match the actual behavior: it reaches an additional external source, relies on scraping for one source, and omits the promised analysis stage. Behavior mismatches are dangerous because they undermine trust boundaries and can hide undeclared data flows or operational risks from reviewers and users.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill asks the agent to execute a script that makes several external network requests and uses an API key, but the description does not warn users about those side effects. Lack of disclosure can lead to unintended data egress, unexpected third-party contact, and accidental secret usage in environments where outbound access is sensitive.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Embedding a live default API key in source code is a secret-management weakness. Anyone with code access can reuse the key, potentially causing unauthorized API consumption, quota exhaustion, billing/attribution issues, or key revocation; in an agent skill that is meant to be executed automatically, this increases the chance the credential is propagated widely.

Ssd 3

High
Confidence
99% confidence
Finding
The skill file exposes a hardcoded FRED API key in plain text. Embedded credentials are high risk because they can be copied, abused, rotated poorly, and reused outside the intended environment, potentially causing quota exhaustion, unauthorized usage, and broader secret-management failures.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
Confidence
97% confidence
Finding
requests>=2.25.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.
