Security audit

strategy-engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for running quantitative strategy backtests through an MCP server, with disclosed external-service use and no hidden code or persistence.

Install this only if you intend to run Strategy Engine MCP backtests. Before each run, confirm the date range, contract or pool, initial cash, commission, slippage, and that you want to send the strategy parameters to the external MCP/result-viewing service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Low
Confidence: 84%
Finding
The skill expands from strategy execution into directing users to an external result viewer, which creates a trust-boundary transition not called out to the user. This is dangerous because it can cause users or the agent to disclose run identifiers and financial-analysis parameters to a third-party site without explicit consent or warning.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The documented default time-range logic is internally inconsistent: it claims a default of current date minus three months, but the example start date is later than that and may even be chronologically invalid for the stated current date. This is dangerous because agents may generate incorrect backtest windows, leading to misleading financial analysis and potentially unsafe user decisions based on wrong results.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill gives conflicting defaults for commission handling, alternately indicating zero commission and system-configured commission. This is dangerous because inconsistent transaction-cost assumptions materially affect backtest outcomes, which can mislead users about strategy profitability and risk.

Vague Triggers

Medium
Confidence: 87%
Finding
The invocation description is broad enough to trigger on generic financial-analysis requests, not just requests that truly require this MCP tool. This is dangerous because it can cause unnecessary tool use, over-collection of user inputs, and execution of strategy/backtest workflows when a simple conversational answer would have sufficed.

Vague Triggers

Medium
Confidence: 88%
Finding
The automatic invocation rule says to call the skill whenever the user needs strategy execution, backtesting, or financial analysis, but does not define boundaries or confirmation requirements. This is dangerous because ambiguous auto-invocation can route ordinary analytical queries into external tooling and expose user data or trigger unintended actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The result-view instructions tell the agent to provide a full external URL but do not warn that opening it sends the user to a third-party site and exposes run parameters in the query string. This is dangerous because URLs may leak identifiers, cash amounts, and other metadata through browser history, logs, referrers, or screenshots.

VirusTotal

66/66 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.