Strategy Backtest

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local analysis helper, but it can install and run a local tool and save analysis history on the user's machine.

Install only if you are comfortable running a local Python CLI. Use read-only connector credentials, avoid storing sensitive experiment payloads unless needed, and periodically review or delete the local history database if it may contain confidential business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises no declared permissions, yet it appears capable of reading and writing local files. That mismatch undermines the permission model and can enable unexpected access to local data or persistence of artifacts without informed approval, especially in an agent environment where users rely on declared capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The reported behavior goes beyond the stated purpose by persisting command history, migrating legacy local data, and returning static references unrelated to computation. Undisclosed persistence is risky because it can retain sensitive user inputs or analysis history, and behavior mismatch makes it harder for users and reviewers to assess what the skill actually does.

VirusTotal

65/65 vendors reported this skill as clean.
