Back to skill

Security audit

eastmoney skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Eastmoney financial-data connector that sends queries to its API and saves returned results locally.

Install only if you are comfortable sending financial query text to Eastmoney's API and storing returned data in local output files. Keep MX_APIKEY in a trusted environment, avoid putting secrets or confidential internal details in queries, and periodically remove generated raw JSON or Excel files if they contain sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation indicates it uses environment variables, network access, and writes files, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or hosting platforms may not realize the skill can exfiltrate query contents to an external API and persist returned data locally. In a financial-data skill, these capabilities are expected, but undeclared capability use is still a real security issue because it undermines informed consent and policy enforcement.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The code saves the full raw API response JSON to disk, which may include more metadata or sensitive returned content than is needed for the advertised financial query result. Persisting unredacted upstream responses increases local exposure, especially in shared workspaces or if the API returns identifiers, internal metadata, or unexpected sensitive fields.

External Transmission

Medium
Category
Data Exfiltration
Content
> - **凭据保护**: API Key 仅通过环境变量 `MX_APIKEY` 在服务端或受信任的运行环境中使用,不会在前端明文暴露。

```javascript
curl -X POST --location 'https://mkapi2.dfcfs.com/finskillshub/api/claw/query' \
--header 'Content-Type: application/json' \
--header 'apikey: YOUR_API_KEY' \
--data '{"toolQuery": "东方财富最新价"}'
Confidence
90% confidence
Finding
curl -X POST --location 'https://mkapi2.dfcfs.com/finskillshub/api/claw/query' \ --header 'Content-Type: application/json' \ --header 'apikey: YOUR_API_KEY' \ --data

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.