Back to skill

Security audit

Human Stock Helper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-analysis and local portfolio-record helper, with privacy and financial-advice cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable storing positions, trade history, and strategy notes in local memory files. Avoid entering sensitive account details, review the hard-coded storage path and unpinned Python dependencies, be cautious with Tavily/external research queries, and do not treat generated buy/sell/stop-loss suggestions as professional financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises and documents persistent local file reads/writes under the memory/ directory, but the manifest does not declare permissions or clearly scope those capabilities. This can lead users or the host system to authorize a skill with broader stateful behavior than expected, increasing the risk of silent data persistence or unintended access to local files.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose focuses on stock analysis tools, but the documented behavior also includes portfolio management, trade journaling, strategy execution tracking, discipline scoring, and persistent local storage. That mismatch is security-relevant because users may supply sensitive financial context believing the skill is only doing analysis, while it is also retaining and structuring that data on disk.

Context-Inappropriate Capability

Medium
Confidence
79% confidence
Finding
The skill introduces Tavily search and research features that expand behavior from market-data retrieval into broader outbound web queries and external research. This widens the data exposure surface because user-provided tickers, holdings, strategy context, or prompts may be sent to third-party network services not reflected in the manifest's stated scope.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file persists and mutates long-term trading strategies, executions, and positions on disk, which exceeds a read-only analysis/reminder role and creates durable state that can influence later financial decisions. In a trading-assistant context, silent state changes or corrupted records can mislead users about their strategy history, discipline score, or current position assumptions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The CLI supports closing/completing strategies by updating persistent strategy status, which is an account/state mutation rather than mere analysis. In this skill's context, marking a strategy completed can suppress future reminders or alter downstream decision-making, causing users to act on an inaccurate view of active plans.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes updating holdings, recording trades, and storing analysis in memory files without clearly warning the user that these actions create persistent local records. Persistent financial history can reveal sensitive investment behavior and may remain on disk longer than the user expects.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation instructs use of Tavily search/research for market analysis but does not warn that user-supplied stock queries and surrounding context may be transmitted to an external service. For a trading assistant, that context can include holdings, entry prices, or strategy intentions, which are sensitive financial signals.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script generates concrete trading actions such as reducing positions, moving stop losses, and unconditional exits, but it does not present any user-facing warning that these outputs are informational only or that following them may result in financial loss. In the context of a stock-trading helper, this increases the chance that users treat the output as authoritative investment advice and act on it directly with real assets.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.