Company Onepager

Security checks across malware telemetry and agentic risk

Overview

This stock-report skill is mostly aligned with its purpose, but it needs review because it handles finance API credentials with disabled TLS verification and imports code from another local skill path.

Review before installing. Use isolated and revocable finance API tokens, avoid running it on confidential watchlists unless web search and remote fonts are acceptable, and remove or fix verify=False before sending iFinD credentials. Also inspect or disable the hard-coded brave-search import so the skill does not execute code from another local skill unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill exposes capabilities to read environment variables and config files, write files, invoke Python, and access the network, yet it does not declare permissions or clearly constrain those actions. In this context, the skill requires sensitive tokens and performs external data fetching and report generation, so hidden or undeclared capabilities materially increase the risk of secret exposure, unintended file access, or execution beyond user expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented behavior says the skill generates a one-page company brief from prioritized data sources, but the analysis indicates it also performs undeclared capital-markets activity collection, web-search-based inferential analysis, and uses hardcoded dividend history. This mismatch is dangerous because users may approve a bounded reporting task while the skill actually expands data collection, introduces untrusted search content, and produces opaque outputs not traceable to the declared sources.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The Markdown generator is expected to format supplied data, but it also performs live web searches during report generation. This expands the trust boundary, causes nondeterministic output, and can transmit sensitive user/company research context to external services without an explicit opt-in at the point of use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code modifies sys.path to a hard-coded workspace location and imports executable code from another skill at runtime. If that path or referenced skill is altered by another local user, compromised package, or untrusted workspace content, this script will execute attacker-controlled code in the current process.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Broad trigger phrases such as stock research, company brief, and stock analysis create ambiguous activation boundaries, increasing the chance the skill is invoked for loosely related prompts. Because the skill can access credentials, local files, network resources, and generate outputs, overbroad activation can cause unintended execution and data handling in contexts where the user did not mean to run this workflow.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The script persists collected company and news data under a predictable local path without any user notice or consent flow. In agent environments, silent local retention can expose sensitive research context, queried targets, and fetched external content to other local processes, users, or later tasks.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code sends both user-derived query data and an authorization token to external iFinD endpoints without any explicit disclosure in the script flow. In a skill context, undisclosed outbound transmission matters because users may assume local-only processing while their requests and credentials are being used against third-party services.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Search queries containing company names and research intent are sent to an external search provider without clear disclosure or consent at the operation site. In a research/reporting skill, this can leak proprietary watchlists, analysis targets, or user interests to third parties, especially because the feature is triggered automatically during generation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The generated HTML imports a Google Fonts URL, causing PDF generation to make external network requests. If the Markdown contains sensitive company research or unpublished data, rendering leaks metadata, and potentially fetch timing and IP information, to a third party, and may violate offline/privacy expectations.

VirusTotal

64/64 vendors flagged this skill as clean.
