Skill Fin Report

Security checks across malware telemetry and agentic risk

Overview

This skill generates local A-share finance reports as described, with dependency and invocation cautions but no evidence of credential theft, trading actions, persistence, or exfiltration.

Install only if you are comfortable with public financial-data network requests, Python package installation, and local PDF generation. Prefer explicit stock-code invocations, review generated reports before sharing them, and keep WeasyPrint and related dependencies updated or pinned to vetted patched versions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill declares no permissions, yet its documented behavior clearly requires outbound network access to fetch market/news data and shell-like execution of local tools such as python3, pip3, and Ghostscript. This mismatch weakens platform trust boundaries and informed consent: an agent may invoke code with network and process-spawning capability that is not transparently declared, increasing risk if the implementation later expands or is abused.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are very broad finance terms such as '金融报告', '投研报告', and '股票分析', which can match many ordinary user requests. That increases the chance of unintended auto-invocation, causing the skill to fetch external data and run local tooling when the user may not have intended to activate this specific capability.

Unpinned Dependencies

Low

Category: Supply Chain
Content: akshare>=1.10.0 pandas>=1.5.0 numpy>=1.23.0 weasyprint>=60.0
Confidence: 95% confidence
Finding: akshare>=1.10.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: akshare>=1.10.0 pandas>=1.5.0 numpy>=1.23.0 weasyprint>=60.0 matplotlib>=3.7.0
Confidence: 93% confidence
Finding: pandas>=1.5.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: akshare>=1.10.0 pandas>=1.5.0 numpy>=1.23.0 weasyprint>=60.0 matplotlib>=3.7.0
Confidence: 93% confidence
Finding: numpy>=1.23.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: akshare>=1.10.0 pandas>=1.5.0 numpy>=1.23.0 weasyprint>=60.0 matplotlib>=3.7.0
Confidence: 97% confidence
Finding: weasyprint>=60.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas>=1.5.0 numpy>=1.23.0 weasyprint>=60.0 matplotlib>=3.7.0
Confidence: 92% confidence
Finding: matplotlib>=3.7.0

Known Vulnerable Dependency: weasyprint — 2 advisory(ies): CVE-2024-28184 (WeasyPrint allows the attachment of arbitrary files and URLs to a PDF); CVE-2025-68616 (WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP R)

High

Category: Supply Chain
Confidence: 90% confidence
Finding: weasyprint

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal