Ptrade Skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a live-trading skill with purpose-aligned behavior, but its risk-control code has credible safety defects that could cause unintended financial exposure.

Treat this as Review, not malware. Do not run it against a live brokerage account until the order semantics and black-swan protection are fixed and tested in paper trading. Use explicit position limits, a kill switch, duplicate-order protection, and manual approval before live order submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 97%
Finding
The black-swan handler says a 3% index drop should reduce exposure by half, but it calls order_shares(_context["position"], half). Elsewhere in this strategy, order_shares(etf, 0) is used to set an absolute target position, which strongly suggests this call targets a final holding of 'half' shares rather than selling half; if the current position is already below 'half' or the API uses delta semantics differently, the behavior can be wrong and may even increase exposure during a market drawdown. In a live trading strategy, incorrect risk-control logic is a real security/safety issue because it can directly cause unintended trades and magnify losses during stressed conditions.

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The function intends to compare today's index close to the previous close, but it requests data only for prev_date as both start_date and end_date, then immediately requires two rows and returns if fewer are present. In practice this makes the black-swan protection silently fail or never trigger, disabling a documented market-crash safeguard in a live trading context.

VirusTotal

65/65 vendors flagged this skill as clean.
