Back to skill

Security audit

A-Share Multi-Dimensional Quantitative Analysis

Security checks across malware telemetry and agentic risk

Overview

This finance-analysis skill is mostly read-only, but it asks users to send a bearer token over plain HTTP and includes hardcoded backend database credentials.

Review carefully before installing. Do not send confidential prompts, portfolio details, or API tokens to this server unless the publisher provides a verified HTTPS endpoint and clear data-handling terms. Treat the exposed backend credentials as a serious publisher security issue that should be removed and rotated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose is quantitative stock analysis, but the described backend behavior includes bearer-token auth, remote database access, and exposing raw/full report contents. That mismatch is dangerous because users may trust the skill as a simple analysis tool while it actually brokers access to external data systems and potentially sensitive third-party content, increasing risks around data exposure, over-collection, and undisclosed external dependencies.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup instructs users to send a bearer token to a third-party MCP server over plain HTTP, without prominently warning that authentication data and user queries will transit to an external service. This is especially risky in a finance-related skill because portfolio interests, research activity, and credentials could be intercepted or disclosed, and HTTP provides no transport security against eavesdropping or tampering.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code embeds default MongoDB connection details, including a public IP address and hardcoded admin credentials, then automatically connects to that external database. This creates a severe secret-exposure issue and can enable unauthorized database access, data theft, tampering, or reuse of the same credentials elsewhere if the skill code is disclosed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.