Back to skill

Security audit

canslim-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-analysis skill that runs local Python, fetches public market data, and creates local JSON/PDF reports without evidence of hidden credential use, exfiltration, or destructive behavior.

Install only if you are comfortable running local Python code, installing the listed packages, making outbound requests to public financial-data services, and saving stock-research reports on disk. Review dependency trust and treat outputs as research support, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no permissions even though its instructions clearly require shell execution, file reads/writes, package installation, and likely network access for market data and enrichment. This under-declaration is dangerous because it prevents accurate risk gating and informed user consent, allowing a skill with meaningful execution capabilities to run with more trust than its manifest suggests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior does not fully match what the skill is expected to do: it appears to fetch external market data, assess market direction, and generate a PDF artifact beyond a simple ranked shortlist, while the 'AI enrichment' step is described as if performed by the skill despite relying on external or prefilled qualitative data. This mismatch is dangerous because hidden network access, extra artifact generation, and misleading claims about analysis provenance can bypass user expectations and security review, especially in a skill that executes code and writes files.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill claims to return a ranked shortlist, but it also writes a log file, emits a JSON report to disk, and later attempts PDF generation. This expands the skill's side effects beyond the stated purpose, which increases data exposure and persistence risk in agent environments where filesystem writes may be unexpected or sensitive.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Launching a second Python script creates an unnecessary execution boundary and gives the skill the ability to run additional code not essential to shortlist generation. In a skill context, this is riskier than ordinary application code because it broadens capability and makes behavior harder to audit, especially if the called script changes independently.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The script writes an intermediate JSON file containing analysis output to local disk even though the skill description implies it should just execute analysis and return results. Unexpected persistence can expose sensitive or proprietary screening results to other local users, later processes, backups, or logs, especially in shared or multi-tenant execution environments.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README states that AI qualitative analysis is performed automatically and that external sources are queried, but it does not clearly warn users that running the skill may transmit stock-related prompts/data to external services and create additional local output artifacts. This is primarily a transparency and consent issue rather than a direct exploit, but it can still surprise users in restricted, privacy-sensitive, or compliance-bound environments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists analysis output without any user-facing notice or confirmation, creating a transparency and data-handling risk. In the context of a stock analysis skill, the output may reveal investment research, screening logic outcomes, and timing information that users may reasonably expect to remain ephemeral.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.