Back to skill

Security audit

yahoo-finance-bist

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Yahoo Finance helper, but it can run scripts and create or change local financial records from broad prompts without enough scoping or confirmation.

Install only if you are comfortable with a finance skill that runs local Python scripts, contacts Yahoo Finance, and stores watchlists, alerts, trade logs, CSVs, and HTML reports on disk. Use explicit commands, verify the install path before running it, avoid sensitive or untrusted symbol/name inputs, and periodically review or delete the generated JSON/CSV/HTML files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands, accesses the network, and appears to read/write files, but it declares no corresponding permissions or user-visible warnings. This creates a transparency and consent gap: a user may trigger network requests or persistent file creation without understanding the skill’s effective capabilities.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation phrases in the description are broad finance terms such as 'indikatör', 'skor', 'excel', and 'işlem geçmişi', which can appear in ordinary conversation. Because this skill can execute scripts, write files, and log portfolio/trade data, accidental invocation can trigger unintended side effects beyond simple chat assistance.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Tool selection is driven by vague phrases like 'analiz et', 'teknik', or 'AL/SAT de' without exclusions or disambiguation. In this context, vague routing is risky because the mandated flow instructs the agent to execute a script on every matching request and return only the output, reducing opportunities to verify intent or sanitize parameters.

Vague Triggers

Low
Confidence
90% confidence
Finding
The Excel export tool is triggered by generic terms like 'excel', 'CSV', and 'indirici', which can be mentioned casually without a request to generate files. Since the tool writes historical data to disk, accidental invocation can create unwanted files and expose stored market interest or workflow artifacts.

Vague Triggers

Low
Confidence
88% confidence
Finding
Portfolio tracker commands are activated by broad phrases like 'takibe al' or 'alarm kur', which may arise in general discussion. Because these commands create or modify persistent monitoring state, ambiguous triggers can cause unauthorized tracking entries, noisy alerts, or corruption of a user’s portfolio records.

Vague Triggers

Low
Confidence
90% confidence
Finding
Trade logging is bound to generic phrases such as 'aldım/sattım', 'rapor', and 'işlem geçmişi', which can describe discussion rather than a request to persist a transaction. In a skill that writes trade history and generates reports, this ambiguity can lead to incorrect or sensitive financial records being stored without deliberate user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes exporting Excel files, tracking portfolios, and logging trades, but it does not clearly warn users that these actions create persistent files and retain financial data. This is dangerous because users may unintentionally store sensitive trading behavior or portfolio details on disk, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The generated HTML report pulls Chart.js from a third-party CDN at view time, creating an external network dependency and a supply-chain trust boundary. If the CDN is compromised, blocked, or modified, opening the local report could execute attacker-controlled JavaScript in the user's browser context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.