Stock Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward stock watchlist tool with limited local storage and public market-data lookups, but users should understand its delete and network behaviors.

Before installing, confirm you are comfortable with the skill storing a local watchlist, sending stock codes to 10jqka.com.cn for lookups, and deleting the saved watchlist if you use its clear or uninstall cleanup commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill describes file read/write and network-backed behavior but does not declare any permissions, which creates a transparency and consent gap. In an agent ecosystem, undeclared capabilities can cause the host or user to underestimate what the skill can access or modify, especially since it stores local data and fetches external market content.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The stated purpose focuses on watchlist management and stock summaries, but the skill also documents installation/setup and uninstallation that deletes local files, plus full watchlist clearing. This mismatch weakens informed consent and can surprise users with filesystem-altering or destructive behavior outside the narrow summary implied by the description.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to run an uninstall command that removes both the skill and the user's watchlist data, but it does not prominently warn that personal data will be deleted or recommend confirmation and backup steps. In an agent or copy-paste workflow, this increases the chance of accidental destructive action and irreversible loss of user-maintained watchlist information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises a command to completely clear the watchlist without stating that this is irreversible or that confirmation is required. Because the watchlist is persisted in a local file, an accidental invocation or prompt misunderstanding could cause immediate user data loss.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the user-supplied stock code to 10jqka.com.cn to resolve a stock name without any user-facing disclosure, consent, or privacy notice. While the data sent is limited, it still leaks user interest/watchlist activity to a third party and may be unexpected in a personal watchlist tool, making this a real privacy/security issue rather than a false positive.

VirusTotal

64/64 vendors flagged this skill as clean.