Quant Trading System

Security checks across malware telemetry and agentic risk

Overview

This is a paper-trading demo with live market-data lookups and an optional dashboard, not evidence of real account trading or data theft.

Install only as a demo or paper-trading tool. Do not rely on its signals for real financial decisions, do not give it exchange credentials, and avoid running the dashboard on an untrusted network unless you bind it to localhost or add access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises real market data and automated trading behavior but does not declare any corresponding network permission, creating a transparency and governance gap. In a trading context, undeclared network access is security-relevant because it can fetch external data, contact APIs, or transmit information without clear user awareness or review boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose is a simple multi-strategy voting trader, but the behavior reportedly includes an HTTP server, API-like interfaces, notifications, and a broader multi-agent trading framework. This mismatch is dangerous because hidden or under-disclosed capabilities expand the attack surface and can cause operators to trust and run functionality they did not knowingly approve.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The historical data routine silently fabricates synthetic OHLCV data when the external API fails, but returns it as if it were genuine market history. In a trading skill, this can directly taint factor calculations, strategy decisions, backtests, and even live execution, causing unsafe or misleading trades based on false inputs.
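The following is an added example, written for this page and not taken from the scanned project, that contrasts the fallback this finding describes with a fail-closed version. The fetcher callables, the bar layout and the `source` provenance field are assumptions; the point is that a downstream gate can only refuse fabricated history if the fetch layer labels it or refuses to produce it.

```python
"""Added example: a fail-closed history fetch beside the silent synthetic fallback.

Constructed for this page; not the scanned project's code. The fetcher callables
and the Bar layout are assumptions standing in for the project's real API client.
"""
import random
from dataclasses import dataclass


class MarketDataUnavailable(Exception):
    """Raised when genuine history cannot be obtained; callers must not trade."""


@dataclass(frozen=True)
class Bar:
    ts: int
    open: float
    high: float
    low: float
    close: float
    volume: float
    source: str = "api"  # provenance; "synthetic" marks fabricated rows


def _random_walk(n, seed=0):
    """Deterministic placeholder OHLCV rows (constructed, seeded)."""
    rng = random.Random(seed)
    price = 100.0
    for i in range(n):
        o = price
        c = round(o * (1 + rng.uniform(-0.01, 0.01)), 4)
        yield (i, o, max(o, c), min(o, c), c, 1000.0)
        price = c


def fetch_history_unsafe(fetcher, n):
    """Pattern from the finding: on API failure, fabricate bars and return them
    with the default source, indistinguishable from real history."""
    try:
        return fetcher(n)
    except Exception:
        return [Bar(*row) for row in _random_walk(n)]


def fetch_history(fetcher, n, allow_synthetic=False):
    """Hardened: fail closed by default; if a caller opts in to placeholder
    data (e.g. for a UI smoke test), every row is labelled synthetic."""
    try:
        return fetcher(n)
    except Exception as exc:
        if not allow_synthetic:
            raise MarketDataUnavailable(
                "history fetch failed; refusing to fabricate bars") from exc
        return [Bar(*row, source="synthetic") for row in _random_walk(n)]


def tradeable(bars):
    """Gate for factor/strategy code: only genuine API rows may drive orders."""
    return bool(bars) and all(b.source == "api" for b in bars)


# Constructed stand-ins for the upstream client.
def failing_api(n):
    raise ConnectionError("constructed: upstream returned 503")


def working_api(n):
    return [Bar(*row) for row in _random_walk(n, seed=7)]


if __name__ == "__main__":
    bad = fetch_history_unsafe(failing_api, 5)
    print("unsafe fallback passes the trading gate:", tradeable(bad))  # True (the defect)
    try:
        fetch_history(failing_api, 5)
    except MarketDataUnavailable as err:
        print("hardened fetch refused:", err)
    opted_in = fetch_history(failing_api, 5, allow_synthetic=True)
    print("opt-in synthetic rows are kept out of trading:", not tradeable(opted_in))
```

Backtests and factor code that call `fetch_history` get an exception instead of a plausible-looking random walk; anything that deliberately asks for placeholder data still cannot pass `tradeable`.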

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code exposes an HTTP server bound to 0.0.0.0, making the dashboard reachable from any network interface rather than just localhost. In a trading skill, this increases attack surface and can leak portfolio status and strategy information to unauthorized users, especially because there is no authentication, TLS, or access control.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The main system exposes a network-accessible dashboard capability that is not essential to core trade-signal generation and is started with a simple command, which can surprise users deploying the skill. In this context, undeclared service exposure is risky because trading environments often run on hosts with sensitive credentials, positions, and internal network reachability.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill promotes automatic order placement using real market data without clearly warning that it may execute trades or trigger account-affecting actions without manual confirmation. In a financial automation context, missing safety disclosures materially increases the risk of unintended losses, misuse, or users believing the system is safer or more limited than it is.

Missing User Warnings

High
Confidence
96% confidence
Finding
The code automatically opens positions for any non-HOLD signal without any user confirmation, dry-run mode, or explicit warning. In a trading skill context this is especially dangerous because invoking the run path can immediately trigger financial actions based on simplistic and partly random signals, creating a real risk of unintended losses.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The system defaults to mode="trade" and proceeds into order execution logic without any explicit user confirmation, dry-run requirement, or runtime safeguard. In an agent skill context, this increases the chance of unintended trading actions if the code is invoked with default parameters or integrated into automation.
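As an added example for the two findings above (automatic position opening on any non-HOLD signal, and a default `mode="trade"`), the block below shows the gating a practitioner would expect: paper mode as the default, live mode only when chosen explicitly and confirmed against the exact orders about to be sent. It is written for this page and is not the scanned project's code; the signal dictionary format, the `Broker` stand-in and the confirmation callback are assumptions.

```python
"""Added example: execution gating for signal-driven order placement.

Constructed for this page, not the scanned project's code. The signal format,
the Broker stand-in and the confirmation callback are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Mode(str, Enum):
    PAPER = "paper"   # default: simulate only, nothing reaches a broker
    TRADE = "trade"   # live orders; must be chosen explicitly and confirmed


@dataclass(frozen=True)
class Order:
    symbol: str
    side: str
    qty: int
    live: bool


class ConfirmationRequired(Exception):
    """Live mode was requested without an affirmative confirmation."""


class Broker:
    """Constructed stand-in for an exchange client; records what would be sent."""

    def __init__(self):
        self.sent = []

    def place(self, order):
        self.sent.append(order)


def plan_orders(signals, qty=1, live=False):
    """Turn {symbol: "BUY"|"SELL"|"HOLD"} into orders, skipping HOLD."""
    orders = []
    for symbol, signal in signals.items():
        if signal == "HOLD":
            continue
        if signal not in ("BUY", "SELL"):
            raise ValueError("unknown signal %r for %s" % (signal, symbol))
        orders.append(Order(symbol, signal, qty, live))
    return orders


def execute_signals(signals, broker, mode=Mode.PAPER, confirm=None, qty=1):
    """Paper by default. Live trading needs mode="trade" AND a confirm callback
    that is shown the exact orders and returns True; otherwise nothing is sent."""
    mode = Mode(mode)
    live = mode is Mode.TRADE
    orders = plan_orders(signals, qty, live)
    if live:
        if confirm is None or not confirm(orders):
            raise ConfirmationRequired("%d live order(s) not confirmed" % len(orders))
        for order in orders:
            broker.place(order)
    return orders


def summarize(orders):
    """Text a confirmation prompt would show before anything is sent."""
    return ", ".join("%s %d %s" % (o.side, o.qty, o.symbol) for o in orders) or "(nothing)"


if __name__ == "__main__":
    broker = Broker()
    signals = {"AAPL": "BUY", "MSFT": "HOLD"}   # constructed signals
    paper = execute_signals(signals, broker)
    print("paper mode planned:", summarize(paper), "| sent:", len(broker.sent))
    try:
        execute_signals(signals, broker, mode="trade")
    except ConfirmationRequired as err:
        print("live mode blocked:", err)
```

Calling the run path with default parameters, or from an automation that forgets to pass `mode`, can therefore never place an order; the confirmation step sees the concrete orders rather than a generic yes/no prompt.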

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Starting a network service without a clear warning or disclosure can cause operators to expose internal trading telemetry unintentionally. Here, invoking the dashboard prints only a localhost URL even though the server actually binds to all interfaces, which may mislead users about the true exposure.
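The block below is an added example serving the three dashboard findings above (bind to 0.0.0.0 with no authentication, a non-essential network service started by a simple command, and a startup message that prints localhost while listening everywhere). It is written for this page and is not the scanned project's dashboard; the bearer-token scheme, the request handler and the sample portfolio are assumptions. It binds to loopback by default, refuses a wide bind without a token, and prints the real bind address.

```python
"""Added example: dashboard bind policy and an honest startup message.

Constructed for this page, not the scanned project's dashboard. The token
scheme, handler and sample telemetry are assumptions.
"""
import hmac
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PORTFOLIO = {"cash": 10000.0, "positions": {"AAPL": 5}}  # constructed telemetry
LOOPBACK = {"127.0.0.1", "localhost"}


def advertise(host, port):
    """Startup text. The finding's dashboard printed a localhost URL while
    actually listening on 0.0.0.0; report the real exposure instead."""
    if host in LOOPBACK:
        return "http://%s:%d/ (loopback only)" % (host, port)
    return "http://%s:%d/ (reachable from ALL network interfaces)" % (host, port)


def bind_allowed(host, token):
    """Policy: a non-loopback bind requires a bearer token."""
    return host in LOOPBACK or token is not None


def _make_handler(token):
    expected = None if token is None else ("Bearer " + token).encode()

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if expected is not None:
                got = self.headers.get("Authorization", "").encode("utf-8", "replace")
                if not hmac.compare_digest(got, expected):  # constant-time compare
                    self.send_response(401)
                    self.send_header("Content-Length", "0")
                    self.end_headers()
                    return
            body = repr(PORTFOLIO).encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep request logging quiet
            pass

    return Handler


def start_dashboard(host="127.0.0.1", port=0, token=None):
    """Loopback default; refuses a wide bind without a token. Returns (server, url)."""
    if not bind_allowed(host, token):
        raise ValueError("refusing to bind %s without an access token" % host)
    server = ThreadingHTTPServer((host, port), _make_handler(token))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    bound_host, bound_port = server.server_address[:2]
    print("dashboard listening at", advertise(bound_host, bound_port))
    return server, "http://%s:%d/" % (bound_host, bound_port)


def fetch_status(url, token=None):
    """HTTP status a client sees, with or without the bearer token."""
    req = urllib.request.Request(url)
    if token is not None:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def demo():
    """Exercise the policy end to end on an ephemeral loopback port."""
    results = {"wide_bind_refused": False}
    try:
        start_dashboard("0.0.0.0", 0)  # the finding's configuration, no token
    except ValueError:
        results["wide_bind_refused"] = True
    token = secrets.token_urlsafe(32)
    server, url = start_dashboard("127.0.0.1", 0, token=token)
    try:
        results["without_token"] = fetch_status(url)
        results["with_token"] = fetch_status(url, token)
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the token only protects the status endpoint; running the dashboard on a shared or untrusted network still calls for TLS or a reverse proxy in front of it, and for not starting it at all on hosts that hold exchange credentials.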

VirusTotal

0/64 vendors flagged this skill as malicious; all 64 returned a clean verdict.
