Security audit

GI ValueSider Superinvestor Data

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public ValueSider investor portfolio pages and parses them into JSON, with no evidence of hidden, destructive, or credential-related behavior.

Install this only if you are comfortable with your agent contacting ValueSider to retrieve public portfolio pages and running local Python scripts to parse them. For tighter operational hygiene, use an isolated Python environment and review or pin dependency versions before using the optional direct-fetch script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill instructs the agent to perform outbound network access and read local temp files, but it does not declare any permissions or capability boundaries. This creates a mismatch between documented trust expectations and actual behavior, making it easier for the skill to exfiltrate fetched data, access unintended files, or evade policy controls that rely on declared permissions.

Vague Triggers

Medium
Confidence: 90%
Finding:
The README indicates the skill may trigger when a user mentions broad terms like holdings, 13F, ValueSider, or a fund manager, which can cause activation on generic finance queries without clear user intent to use this specific external-data skill. Over-broad triggering is dangerous because it can cause unexpected network access and retrieval of third-party content, increasing privacy, compliance, and user-consent risks even if the fetched data itself is not inherently sensitive.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The README explicitly describes live fetching from valuesider.com in Cursor or via MCP web_fetch, but it does not present a clear user-facing warning that the skill will access an external site and transmit request metadata to a third party. This is risky because users may unknowingly trigger outbound network activity, creating consent, privacy, and policy issues, especially when broad triggers can invoke the skill automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.