Back to skill

Security audit

A-Share Multi-Dimensional Quantitative Analysis

Security checks across malware telemetry and agentic risk

Overview

The finance tools are mostly coherent, but the setup sends an API key over plain HTTP and the included server exposes weak default secrets and database credentials.

Review before installing. Only use this skill if you trust the provider and network path; avoid sending bearer API keys over plain HTTP. Ask the publisher for an HTTPS endpoint, rotated and removed backend credentials, and clearer data-retention and access-scope documentation before using it with sensitive financial research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is presented as a finance analysis tool, but the documented setup connects the agent to an external HTTP MCP server using bearer-token authentication, which is an important operational and trust boundary not fully disclosed in the description. If the backend also includes undeclared database connectivity or default credentials as the static finding suggests, users may unknowingly expose queries, tokens, or sensitive business context to external infrastructure they did not intend to trust.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The server uses a single static bearer token with an insecure default value embedded in code and binds the service to 0.0.0.0, making unauthorized access likely if the environment variable is unset or leaked. In the context of an MCP server exposing internal research/news/report data, this is a real authentication weakness because compromise of one token grants broad access with no rotation, per-user identity, or scope separation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup instructions tell users to send an Authorization bearer token to an external MCP server over plain HTTP, but there is no warning that requests, prompts, and credentials leave the local environment. This creates a meaningful risk of credential interception, data leakage, and unintended disclosure of financial research activity, especially because the skill operates in a domain where user queries may be commercially sensitive.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code embeds default MongoDB connection details including a public IP, admin username, and password directly in source. Hard-coded database credentials are highly dangerous because anyone with code access can directly connect to the backing datastore, potentially reading, modifying, or deleting all stored analysis data and using the admin account for broader abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.