Security audit

Event Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed because it can produce concrete trading instructions and asks for broad agent tools.

Install only if you intentionally want a finance-oriented event-analysis prompt that may output actionable trading ideas. Treat any buy/sell, position-size, entry, stop-loss, or take-profit output as unverified general commentary, not personalized financial advice. A safer version would narrow triggers, remove Write/Exec permissions, fix the repository metadata, and avoid concrete trading instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (23)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill is presented as generic event analysis, but the body of the prompt instructs the agent to produce concrete trading actions, position sizing, entry timing, stop-losses, and business-operating guidance. This scope expansion is dangerous because it can trigger in contexts where users did not explicitly ask for financial or entrepreneurial advice, causing the agent to deliver regulated or high-risk guidance under a misleading label.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The '走卒' section includes explicit monetization and 'information arbitrage' playbooks, including how to exploit timing, geography, and knowledge gaps for profit. That behavior materially exceeds event analysis and can steer users toward opportunistic or potentially unethical commercial conduct, especially when surfaced automatically by a broadly triggered skill.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The disclaimer claims the content is not investment advice, but the instructions explicitly tell the agent to output specific financial instruments, position sizing, entry windows, catalysts, stop-profit, and stop-loss lines. This contradiction is dangerous because the disclaimer may create a false sense of compliance while the skill still produces actionable investment advice with real financial harm potential.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The manifest claims to describe a Fanli event-analysis skill, but its repository URL points to an unrelated project. This breaks provenance and trust verification: users or automated tooling may fetch, audit, or rely on code and documentation from the wrong source, which can hide malicious or unreviewed content behind misleading metadata.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: This sample extends a purported event-analysis skill into actionable investment guidance such as sector allocation and position sizing, which materially changes the skill's risk profile. In an agent setting, users may treat these outputs as trustworthy recommendations, creating risk of unsuitable financial advice and downstream financial harm.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The core framework explicitly instructs the skill to produce specific stock and futures recommendations, trade direction, timing windows, stop-losses, and execution playbooks. That goes beyond analytical summarization into concrete trading advice, which is especially dangerous because it can be operationalized directly by users or downstream agents.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The example crosses from neutral event interpretation into concrete portfolio sizing and trading tactics such as '重仓', percentage allocation, and execution timing. In a skill described as event analysis, this can steer users toward financial decisions without appropriate safeguards, suitability checks, or regulatory framing.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: This section names specific securities and instructs users to buy them, including timing, stop-loss, and take-profit levels. That turns the skill from analysis into actionable investment advice, materially increasing the chance of user financial harm if the output is wrong, unsuitable, or followed blindly.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The example trigger "帮我分析这个事件" is broad enough to match many ordinary user requests, which can cause the skill to activate outside its intended niche. Because this skill produces quasi-investment analysis and actionable market framing, overbroad routing increases the chance that users receive financial guidance when they only wanted generic news analysis.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The weekly prompt "本周有哪些重要事件？" is ambiguous and could apply to politics, sports, entertainment, or general news, yet the skill is designed to interpret events through a market and trading lens. This mismatch can silently broaden the skill's scope and expose users to unwanted financial-analysis behavior in response to commonplace requests.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The tracking phrase "追踪降准事件的后续发展" lacks clear boundaries and could capture broad follow-up requests about any event over time. In context, the skill's outputs include trading ideas, position timing, and instrument suggestions, so vague tracking triggers can pull users into higher-risk financial guidance without deliberate opt-in.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The README presents concrete trading outputs such as stock selection, entry window, stop-loss, and take-profit levels near the main example, but does not place a prominent warning there that the content is educational only and not personalized financial advice. This is dangerous because users may treat the example as actionable recommendation flow, especially when the skill frames decisions with apparent rigor and specific instruments.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation criteria are extremely broad, such as ordinary requests to 'analyze this event' or 'what important events happened this week,' which can match many benign user prompts. Because the skill then expands into financial trading and business guidance, broad triggering increases the chance of unsolicited high-risk advice being injected into routine conversations.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The document instructs the agent to proactively answer vague prompts like 'anything worth watching lately?' with a curated pipeline of events and then guide the user into deeper analysis. In this skill's context, that is risky because the deeper workflow includes concrete trading and monetization recommendations, so vague prompts can become unsolicited financial guidance funnels.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The observation shows the skill responding successfully to a vague request like '最近有什么值得关注的吗？' by proactively generating a broad set of important events, classifications, and scoring without first establishing scope, domain, timeframe, or source boundaries. In an event-analysis skill, this can cause over-triggering, unsolicited high-confidence analysis, and misleading outputs on ambiguous prompts, which increases the risk of hallucinated or mis-scoped strategic guidance.

Vague Triggers

Medium

Confidence: 72% confidence
Finding: The skill is configured to react to broad, common phrases such as '最近有什么值得关注的吗？' without clear boundaries, which can cause over-triggering in contexts where the user did not intend to invoke this analysis workflow. In an agent setting, overly broad activation can route unrelated conversations into the skill, increasing the chance of unintended external-link presentation, misleading analysis, or inappropriate handling of user input.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The notes document the skill producing specific trading recommendations such as named securities, position sizing, and stop-loss/take-profit levels, but do not include any financial risk warning, suitability check, or disclaimer about potential losses. In a skill explicitly used for event analysis and market interpretation, this increases the chance that downstream users treat speculative output as actionable investment advice without understanding risk.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger example "最近一周有什么值得关注的吗？" is a very broad, everyday request that can easily overlap with normal conversational queries unrelated to this specialized skill. In an agent-routing context, overly generic activation phrases can cause unintended invocation, increasing the chance the skill is selected when the user did not ask for this domain-specific analysis or investment-style guidance.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The phrase around analyzing a single event is still framed in generic wording ("帮我分析一下…"), which is common across many skills and user intents. Without stronger scope boundaries, the router may misclassify ordinary analysis requests and invoke this skill inappropriately, leading to irrelevant outputs or unintended financial-style recommendations.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The weekly-events trigger ("本周有哪些重要事件？") is especially generic and likely to collide with many benign requests for news summaries, planning help, or general updates. Because the skill is designed for deep event interpretation and can produce trading-oriented recommendations, accidental activation increases the risk of exposing users to specialized or high-stakes outputs they did not intend to request.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The document gives direct buy/long/short instructions, account-dependent trading paths, position limits, and stop-loss guidance without a clear warning that the content is not financial advice and may lead to losses. While disclaimers alone would not eliminate the underlying issue, their absence increases the likelihood that users interpret the content as endorsed, actionable advice.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The markdown provides concrete trading action ('今天买入银行 ETF') without a clear warning that the content can affect user assets and may be inappropriate for many users. Absent a safety notice, users may mistake the skill's example output for endorsed, generally suitable financial guidance.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The final summary amplifies risk by condensing the document into direct buy recommendations and a trading window, but still lacks a prominent suitability and risk warning. Summaries are especially dangerous because users often act on them without reading the surrounding caveats or methodology.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal