Security audit

Trading Quant

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent stock-market data and analysis tool that uses expected public finance APIs and local caches, with no artifact-backed evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable with a finance tool making outbound requests to market/news providers and writing local cache databases. Treat its scores and buy/sell labels as analysis aids, not investment advice, and prefer pinning or reviewing Python dependency versions before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrase at this line is broad enough to match many ordinary stock-related requests, which can cause the skill to activate when the user did not explicitly intend to invoke it. In an agent ecosystem, overbroad activation increases the chance of unintended tool use, data exposure through unnecessary external calls, or the skill steering financial conversations without clear user consent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger phrase on this line lacks meaningful activation constraints, so common requests may invoke the skill too readily. Because this skill concerns financial analysis, accidental activation is more sensitive than a generic utility skill: it may insert market data or analytical framing into conversations where the user did not request a trading-focused tool.

Known Vulnerable Dependency: aiohttp — 10 advisories: CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

Severity: High
Category: Supply Chain
Confidence: 68%
Finding:
aiohttp

Known Vulnerable Dependency: pyyaml — 8 advisories: CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Severity: Critical
Category: Supply Chain
Confidence: 78%
Finding:
pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.