Eastmoney Stock.Bak

Security checks across malware telemetry and agentic risk

Overview

This stock-data skill is not malware, but it presents itself as live Eastmoney data while some scripts use Sina Finance or hard-coded market recommendations and portfolio advice.

Review before installing. Treat outputs as non-authoritative research only, verify all quotes and rankings against a trusted live source, and do not rely on its stock picks, allocation suggestions, or stop-loss guidance as financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
76% confidence
Finding
The finding indicates the skill can perform network access without declaring permissions, which weakens transparency and permission-based controls. In a stock-query skill, outbound requests are expected, but undeclared network capability can still mislead reviewers and users about what the skill is able to access externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
A description-behavior mismatch is dangerous because it hides materially broader functionality than users and reviewers expect. Here, behavior reportedly extends beyond simple Eastmoney quote retrieval into other data sources, sector ranking, hardcoded recommendations, and investment advice, which increases the risk of deceptive operation, unreviewed data flows, and unsafe financial guidance.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file advertises market analysis based on a finance API, but actually returns fully hardcoded sectors and stock picks. In a stock-data skill, this is dangerous because users may rely on stale or fabricated information as if it were current market data, leading to misleading financial guidance.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The module docstring explicitly claims to use the Sina Finance API, but no such API call occurs. This misrepresentation undermines trust and can cause downstream agents or users to treat fabricated output as authoritative live financial data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill advertises live Eastmoney stock-data querying but instead emits fully hard-coded sector rankings, stock picks, and a fixed date, creating a capability mismatch. In a finance context this is dangerous because users or downstream agents may trust stale or fabricated data as current market information and make financial decisions on that basis.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The file goes beyond data lookup and provides explicit portfolio allocation, stock recommendations, and stop-loss guidance, which materially changes the skill from informational data access to financial advice generation. That is risky because the skill metadata frames it as a stock-data query tool, so users may not realize they are receiving unvetted recommendation logic rather than neutral market data.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The docstring and comments claim the code fetches hot sectors and public market data, but the implementation merely prints static content. This kind of deceptive or misleading implementation increases integrity risk because other components, reviewers, or users may assume the output is data-backed when it is not.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill metadata says it provides Eastmoney stock data, but the implementation and comments show it actually queries Sina Finance. This is a real integrity and transparency issue because users and higher-level systems may rely on the declared data source for trust, compliance, or expected data semantics, and the tool silently violates that expectation.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The implemented behavior does not match the skill's stated scope, creating a supply-chain style trust problem: callers believe they are invoking an Eastmoney-backed stock tool, but requests are sent to Sina instead. In a finance-related skill, data provenance matters, so this mismatch can mislead users, break governance assumptions, and produce incorrect operational decisions based on the wrong upstream source.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Overly broad trigger phrasing can cause the skill to activate during ordinary stock-related conversation when the user did not intend to invoke it. In this context, that can lead to unexpected network calls, unsolicited financial content, or accidental reliance on delayed/incorrect market data.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The script makes outbound requests to Eastmoney endpoints and does not provide any user-facing disclosure or consent mechanism about external network access. In this skill context, the network call is expected for retrieving live stock data, so this is not malicious, but it still creates a transparency/privacy issue because invoking the skill implicitly contacts a third-party service and may expose metadata such as IP address and request timing.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The code sends user-supplied stock identifiers to an external service without any explicit disclosure in the tool behavior. Although the transmitted data is typically low sensitivity, it still leaks user query intent and usage patterns to a third party, which is relevant in financial contexts where watchlists or research activity may be sensitive.

VirusTotal

64/64 vendors flagged this skill as clean.
