Security audit

实时财经

Security checks across malware telemetry and agentic risk

Overview

This finance-news skill is not clearly malicious, but it should be reviewed because it advertises API-only fetching while bundling a helper that can attach to a local browser debugging session.

Install only after reviewing the scripts. Prefer the documented fetch_api.js path, avoid running fetch_and_save.js unless you intentionally started a dedicated browser debugging session for this skill, and make sure any 5-minute scheduled polling is something you can disable. The publisher should either remove the browser helper or clearly document and gate it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 85%
Finding:
The skill description presents a narrow API-based news fetcher, but the documented/observed behavior includes persistent local storage, state tracking, database-style management, and especially Puppeteer access to a locally exposed browser debugging port. That mismatch is security-relevant because users or orchestrators may grant the skill broader trust than intended, while browser-debug access can expose unrelated open pages, session data, or sensitive content beyond the stated finance-news task.

VirusTotal

66/66 vendors flagged this skill as clean.