Back to skill

Security audit

tushare

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a legitimate Tushare finance research helper, but it documents account-changing watchlist APIs without clear safeguards.

Install only if you are comfortable giving the agent Tushare network access and use of your TUSHARE_TOKEN. Treat this as a research/data-export skill, and require explicit confirmation before any action involving Tushare self-selected portfolio APIs such as saving, modifying, or deleting watchlists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The documented interfaces include state-changing portfolio operations (p_save, p_delete) that go beyond the skill’s stated purpose of market data retrieval, cleaning, export, and analysis. In an agentic setting, exposing write/delete capabilities without strong scope justification or explicit user-confirmation requirements can enable unauthorized modification or destruction of a user’s saved watchlists/portfolios.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Create/update/delete portfolio capability is not justified by the described research-only use case, so the skill’s effective authority exceeds user expectations. This mismatch increases the risk of confused-deputy behavior where a user asks for analysis but the agent is nonetheless able to alter persistent portfolio state.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger guide uses broad, everyday Chinese phrases such as '看看这个股票最近怎么样' and '给我快速研究一下 XX', which can match many ordinary finance-related utterances without clear user intent to invoke this specific skill. In an agent setting, that increases the chance of unintended activation, causing unnecessary networked data access, token use, or execution of a more powerful workflow than the user expected.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The 'Quick rule' reduces activation logic to very generic categories like '看走势', '查财报', and '拉数据导出', which are underspecified and broad enough to fire on many routine conversations. This creates ambiguous routing and can cause the skill to take over when the user did not explicitly want Tushare-backed retrieval, especially given the skill's network access and credential usage.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.