Security audit

Investment Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed investment-research skill that may give direct trading-style signals, but the evidence does not show hidden execution, credential use, persistence, or trade/account control.

Install only if you want an agent to provide investment research and explicit trading-style signals. Do not treat its output as personalized financial advice, and provide market, time horizon, risk tolerance, and constraints before relying on any recommendation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill goes beyond investment research and mandates an explicit trading action ('买入 / 卖出 / 持有 / 观望'), which operationalizes personalized investment advice rather than neutral analysis. In a broadly-triggered agent context, this can cause the system to give regulated or high-risk financial recommendations without sufficient suitability checks, disclosures, or risk controls.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The document says vague requests should be clarified first, but it also treats very broad prompts like '现在什么值得买?' as a direct trigger for recommendation output. This contradiction increases the chance the skill will act on underspecified intent and generate recommendations without understanding the user's risk tolerance, market scope, or constraints.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases are broad, generic, and conversational enough that they could match ordinary user dialogue and invoke the investment workflow unintentionally. In a finance-related skill, accidental activation can cause the agent to enter a high-impact advisory flow, produce unsolicited investment analysis, or expose users to actions and outputs they did not explicitly request.

Vague Triggers

Medium
Confidence: 78%
Finding
The description includes broad trigger conditions such as '当用户需要投研分析时' and several generic example phrases, making accidental or overbroad activation more likely. In a financial-advice context, unintended invocation can lead to unsolicited recommendations or analysis being produced in situations where the user did not clearly request that workflow.

Vague Triggers

Medium
Confidence: 81%
Finding
Several scene triggers are open-ended, especially prompts like '现在什么值得买?' or generic industry/hot-topic questions, without strong scope constraints. Because this skill later produces concrete decision outputs, ambiguous activation can escalate into high-stakes financial guidance from loosely specified user input.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest describes very broad activation scenarios such as general investment analysis, recommendations, industry views, and meeting discussion without clear boundaries, exclusions, or gating conditions. In an agent setting, this can cause over-triggering and unintended invocation on ambiguous financial queries, increasing the risk of unsolicited or overly authoritative investment guidance in sensitive high-stakes contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.