恢恢量化 A-share Data Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches public A-share market data from hhxg.top, with disclosed caching and promotional links but no evidence of credential access, exfiltration, persistence, or destructive runtime behavior.

Install only if you are comfortable with the assistant contacting hhxg.top for public market data, showing hhxg.top promotional/tool links, and caching public JSON locally. Before using the README install command, inspect the GitHub source and confirm the rm -rf path points only to the intended skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill declares only the Bash tool, but its documented behavior clearly implies network access and local file interaction through Python scripts and cache usage. This permission/capability mismatch is dangerous because reviewers and users cannot accurately assess what the skill may do, reducing transparency and increasing the chance of unexpected data access or outbound requests.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill description presents a narrow market-data assistant, but the content indicates additional behaviors such as promotional redirecting to hhxg.top tools and broader quantitative signal or stock-selection outputs. Description-behavior mismatch is risky because it can hide secondary objectives, undermine informed consent, and make operators underestimate the scope of external linking, data processing, or user influence performed by the skill.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding: The trigger phrases are broad enough to match ordinary financial conversation such as general mentions of markets, news, or stocks, which can cause the skill to activate when the user did not specifically request it. Over-broad auto-invocation is dangerous because it can route unrelated conversations through external data-fetching logic, increasing unnecessary network calls, response hijacking risk, and unintentional promotion of linked services.

VirusTotal

66/66 vendors flagged this skill as clean.
