Back to skill

Security audit

QMT Strategy Autopilot

Security checks across malware telemetry and agentic risk

Overview

This trading automation skill is mostly coherent, but it can execute live brokerage actions through unpinned external Python code and lacks clear safety boundaries.

Install only if you understand and trust the external planner file it loads. Keep BROKER_ENV in simulation unless you have verified the planner, set strict account and order limits, and have an explicit live-trade confirmation process. Treat QMT_ACCOUNT_ID, QGDATA_TOKEN, broker paths, and planner paths as sensitive operational configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares environment-variable requirements that expose trading-related configuration and account context, but the finding indicates these capabilities are not explicitly declared as permissions. In a trading automation skill, hidden or under-declared access to environment data reduces transparency and can cause users to authorize execution without understanding what sensitive configuration the skill can read.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The wrapper imports and executes Python from a path controlled by the STRATEGY_PLANNER_PATH environment variable using exec_module(), which is effectively arbitrary code execution if an attacker can influence the environment or deployment configuration. In a trading/autopilot context this is especially dangerous because the loaded code could manipulate strategy generation, place unauthorized trades, exfiltrate credentials, or tamper with market-facing workflows.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill supports live trading semantics and account-linked execution, yet the description provides no prominent warning about the financial risks of placing real orders. In this context, omission of risk disclosure is dangerous because users may assume a planning/demo workflow and inadvertently trigger irreversible market actions with real funds.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill references required account identifiers such as QMT_ACCOUNT_ID without any warning about credential sensitivity, privacy handling, or log exposure. In a broker-integrated automation workflow, even identifiers and environment configuration can aid account targeting, accidental disclosure, or unsafe operational practices if users paste or store them insecurely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal