个股分析大师：面向A股支持单股深度分析与多股对比（综合/技术面/财报/价值面）。触发词：个股分析、个股对比、财报对比、价值分析、技术分析、买卖点、基本面、选时、ST分析。适用场景：用户需要对一个或多个明确股票标的做结构化分析与对比。

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share stock analysis skill that fetches market data and produces structured investment analysis, but users should treat its trading levels as informational rather than instructions.

Install only if you are comfortable giving daxiapi-cli a DAXIAPI token and receiving actionable stock-analysis outputs. Do not treat the generated stop-losses, target prices, ratings, or entry conditions as personalized financial advice or automatic trading instructions; verify the data source, local token storage, and conclusions independently.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill states it should not be used for users seeking immediate trading instructions, yet later requires concrete stage recommendations, stop-losses, and target prices. This inconsistency can push the agent into giving actionable financial guidance despite the stated boundary, increasing the risk of unsafe or non-compliant investment advice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal