xstocks-beta

Security checks across malware telemetry and agentic risk

Overview

This is a coherent xStocks lookup tool, but its trading instructions push agents to execute real-money blockchain purchases too quickly after limited confirmation.

Install only if you specifically intend to use Solana xStocks. Keep wallet-level confirmations enabled and independently verify the exact token mint, amount, payment token, quote, fees, slippage, destination wallet, and network before approving any transaction; do not treat a casual yes or amount as final permission to spend funds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The function's docstring says it returns the first token whose address matches, which implies exact equality, but the implementation uses substring matching with `if address in str(t.get("address", ""))`. This can return the wrong token for partial inputs or overlapping addresses, causing incorrect token selection and potentially misrouting downstream operations that rely on an exact Solana address.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger text is overly broad for a skill that can lead to real-money blockchain trades. Phrases like 'wants to buy, find, or identify any xStock, even if they don't say xStocks directly' can cause the skill to activate on generic stock-related requests and route users into a transactional flow they may not have intended.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs immediate execution of a buy flow after a minimal confirmation, but does not present a prominent real-money risk warning or a high-friction confirmation step. In a crypto trading context, this increases the chance of accidental or socially engineered transactions, especially because the flow emphasizes not pausing once the user says yes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal