Back to skill

Security audit

Banking Brief

Security checks across malware telemetry and agentic risk

Overview

This skill openly runs a Telegram bot that collects user-provided banking indicators, generates a PDF brief, and sends it back in the same chat.

Install only if Telegram is an approved channel for the banking indicators and market context you plan to send. Restrict access to the bot, protect and rotate the bot token if exposed, prefer a virtual environment or container for dependencies, and clean up generated PDFs in /tmp when handling confidential material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares an environment requirement for a Telegram bot token but does not declare corresponding permissions or operational constraints. This creates a transparency and governance gap: a reviewer may underestimate that the skill can authenticate to an external messaging service and process inbound/outbound data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior understates the actual operational scope: running as an active Telegram bot, handling commands, and writing PDFs to local storage are materially different capabilities from simply 'generating a brief.' This mismatch can bypass user/admin expectations, leading to unauthorized external communications, unexpected data handling, and file creation in an environment that did not approve those behaviors.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.