Back to skill

Security audit

智能投资简报生成器

Security checks across malware telemetry and agentic risk

Overview

This stock-brief skill appears purpose-aligned, but it should be reviewed because crafted stock/name inputs can be interpolated into a shell command and run locally.

Review before installing. Use only trusted stock/name inputs, verify the separate tavily-search helper is installed from a trusted source, and avoid writing reports to important existing files. Prefer an updated version that uses execFile/spawn argument arrays and validates stock/name inputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script builds a shell command string with user-influenced input (`query`, derived from `--stock`/`--name`) and executes it via `execSync`, which invokes a shell. Even though the script path and query are wrapped in double quotes, shell metacharacters such as embedded quotes or command substitutions can still break out of quoting and lead to command injection, making this more dangerous than a normal stock-brief generator needs to be.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script writes generated content to any path supplied by the user without validation, sandboxing, or confirmation. In an agent or automation context, this can overwrite arbitrary files accessible to the current user, which is risky because the skill consumes external search content and presents itself as a report generator that may be run unattended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/generate-brief.mjs:90