A Share Daily Report

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent A-share report generator, but it needs user review because it can expose report contents or credential fragments through publishing and logs.

Review before installing. Clear or replace the Feishu target_chat_id, use --publish only when you intend to send the generated report to Feishu, and avoid putting sensitive portfolio details in the watchlist unless external sharing is acceptable. Remove or patch the API-key prefix logging before using real credentials, and treat generated trading guidance as non-personalized, potentially incomplete market commentary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The configuration enables external API use and, more importantly, outbound Feishu delivery to a specific chat ID by default. In a skill that generates reports, hard-wiring external publication destinations can cause unintended data disclosure because generated content may be pushed outside the local environment without an explicit per-user opt-in.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The renderer hard-codes multiple ✅ completeness claims in the data quality section even though elsewhere it detects and reports missing inputs. This can mislead users into trusting an incomplete or degraded market report, causing bad decisions based on false assurances about data coverage and report integrity.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document specifies a full publication pipeline to Feishu and PDF export but does not mention that report contents will be transmitted to external systems. That lack of disclosure is dangerous because users may assume the skill is local-only while market analysis, watchlists, or other sensitive derived data are automatically shared to third-party services.

Missing User Warnings

Medium
Confidence: 94%
Finding
The configuration enables Feishu message delivery to a specific external chat ID by default, with no warning that generated reports will be automatically pushed to that recipient. This creates a concrete risk of unauthorized disclosure because users who run the skill as documented could immediately send potentially sensitive reports to an unintended third party.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly promotes publishing generated reports to Feishu and sending notifications, but it does not clearly warn users that report contents, document metadata, and recipient identifiers may be transmitted to an external third-party service. In a finance-reporting skill, this matters because reports may contain sensitive market commentary, watchlists, strategy outputs, or account-linked identifiers, so users could unknowingly exfiltrate data off-platform.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents an optional Feishu publishing feature that creates cloud documents and sends notifications, but it does not clearly warn users that generated report content, stock selections, and identifiers such as Feishu open_id/chat_id will be transmitted to external services. In a financial-reporting skill, this can expose sensitive investment interests, report contents, and user identifiers to third-party platforms without sufficiently explicit user awareness or consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document defines a workflow that produces explicit market predictions, watchlists, entry ranges, stop-loss suggestions, and position sizing guidance, but it does not require any user-facing warning that the output is informational and not personalized investment advice. In a finance-facing skill, this omission can mislead users into treating generated content as actionable regulated advice, increasing legal, compliance, and user-harm risk if the recommendations are poor or unsuitable.

Missing User Warnings

Medium
Confidence: 91%
Finding
The rule stating that the skill can read real holdings from a configuration file implies processing sensitive personal portfolio data, but the document provides no safeguards for minimization, storage, access control, retention, or disclosure. Even if this is not a code-level exploit by itself, it creates a real privacy and data-handling risk because portfolio positions can reveal wealth, behavior, and investment strategy.

Ssd 3

Medium
Confidence: 98%
Finding
The code logs the first 10 characters of MX_APIKEY and TUSHARE_TOKEN, leaking partial credentials into application logs. Even partial secret disclosure materially reduces brute-force/search space and can aid correlation across systems, especially if logs are centralized or accessible to support staff, other tenants, or incident responders.

VirusTotal

65/65 vendors flagged this skill as clean.
