Security audit

Daily Portfolio Analysis

Security checks across malware telemetry and agentic risk

Overview

This portfolio skill appears useful, but it may send sensitive financial reports to Feishu without clear opt-in or prominent disclosure.

Review this skill before installing. Use it only if you understand what portfolio data it reads and where reports are sent. Confirm or disable any Feishu webhook/report push behavior, avoid uploading brokerage screenshots unless necessary, and treat generated holdings summaries as sensitive financial information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill describes capabilities to read/write local files and access external networks, yet it declares no permissions or user-facing consent boundaries. In a financial portfolio skill, this is especially risky because it may process highly sensitive holdings data, screenshots, and generated reports without transparent authorization, making over-collection or unintended exfiltration more likely.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The script unconditionally sends the generated portfolio report to Feishu, which exfiltrates sensitive financial holdings data to an external service. In a skill whose stated purpose is portfolio analysis/querying, automatic outbound transmission without explicit user consent or clear disclosure creates a real privacy and data-handling risk.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The module docstring describes only reading and analyzing portfolio data, but the script also transmits the full report externally. This mismatch is security-relevant because it conceals data egress behavior from reviewers and users, increasing the chance that sensitive holdings are processed under false assumptions.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The trigger phrases are broad, natural conversational finance phrases that could match ordinary chat and invoke the skill unexpectedly. Because this skill handles sensitive investment data and can generate or send reports, accidental activation increases the chance of exposing private holdings or causing unintended outbound actions.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill collects sensitive financial information from portfolio screenshots and supports pushing real holdings reports to third-party channels, but it lacks prominent warnings about privacy, transmission, storage, and third-party exposure. In this context, the missing disclosure materially increases the risk of users sharing brokerage data without understanding how it will be processed or where it may be sent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script sends the full portfolio summary to Feishu without any user-facing warning, confirmation, or in-file disclosure at the point of execution. Because the summary contains aggregated holdings, valuations, and performance data, this can expose highly sensitive personal financial information to third-party infrastructure or unintended recipients.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal