Back to skill

Security audit

Quant-Expert

Security checks across malware telemetry and agentic risk

Overview

Quant-Expert is a coherent market-analysis skill that uses Tushare, a holiday API, optional web research, and user-directed exports in ways that match its disclosed purpose.

Install this only if you are comfortable providing a Tushare token and allowing the agent to query Tushare, timor.tech, and web sources for market context. Use output-file options only with paths you intend to create or overwrite, and avoid including confidential holdings, proprietary strategies, or sensitive watchlists when asking for web-backed recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The document broadens a quantitative Tushare-based skill into fetching and using external web event intelligence for recommendations, which materially expands the skill's data access and behavior beyond the stated metadata. This can cause unreviewed outbound retrieval, reliance on untrusted content, and hidden capability creep that changes the security and trust boundary for users and orchestrators.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This section defines a dedicated two-layer pipeline where web-sourced event intelligence is mandatory for conclusions, rankings, and diagnoses, despite the skill being described as a Tushare/holiday-helper analysis tool. That mismatch creates a covert expansion of scope and introduces prompt-injection, misinformation, and data provenance risks from external content that may influence outputs and downstream decisions.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The CLI accepts a user-controlled --output path and writes results to that path with df.to_csv(), enabling arbitrary file creation or overwrite wherever the running agent has permissions. In an agent/tooling environment, this exceeds a read-only market-data helper role and can be abused to modify workspace files, clobber artifacts, or plant data in sensitive locations.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The code writes CSV output to a fully user-specified path without any guardrails or prominent warning, which creates an unintended file-write side effect. While the written content is market data rather than code, this still permits overwriting existing files or creating files in attacker-chosen locations within the process's permissions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.