
Security audit

A Stock Trading Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent China A-share market-data and analysis skill that fetches public finance data and does not show hidden credential use, exfiltration, or trading authority.

Install only if you want a Chinese A-share analysis helper that can fetch public market data from Chinese finance sites and may save price-alert/watchlist details locally. Do not treat its trading suggestions as personalized investment advice or guaranteed outcomes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 88% confidence
Finding
The skill’s invocation description is very broad and includes many generic trading-related queries, which can cause the orchestrator to route a wide range of financial conversations into this skill without clear user intent. In a finance context, over-triggering is risky because the skill is designed to provide trading strategies, stop-loss/take-profit levels, and position suggestions, so accidental activation can lead to unsolicited or inappropriately scoped financial guidance.

Natural-Language Policy Violations

Medium, 84% confidence
Finding
The skill hard-codes a China A-share market scope and presents itself entirely in Chinese without any user opt-in or negotiation of language/locale. This can cause users to receive advice in an unexpected language or market context, increasing the chance of misunderstanding financial recommendations, ticker interpretation, and market applicability.

Missing User Warnings

Medium, 93% confidence
Finding
The document gives explicit position-sizing and trading-action guidance, such as recommended position (仓位) ranges tied to market conditions, but it does not include any financial risk warning, suitability caveat, or statement that the content is educational only. In a skill context, users may treat this as actionable investment advice and follow it without understanding losses, leverage, volatility, or their own risk tolerance.

VirusTotal

67/67 vendors flagged this skill as clean.
