!
Purpose & Capability
The skill's declared purpose (AI trading assistant) and the runtime SKILL.md focus only on market analysis and a position sizing script. However the package contains many unrelated components (port_scanner.py, sql_injector.py, vulnerability-scanner, sandbox-script-executor, Playwright-based analyzer, etc.). Those capabilities (network scanning, SQL injection testing, sandbox execution) are not required for a trading assistant and are disproportionate to the stated purpose.
!
Instruction Scope
The provided ai-trading SKILL.md keeps scope to market analysis and risk management and references only position_sizing.py and templates. But many extra files and nested SKILL.md exist that instruct or enable: long-running monitoring loops (monitor.py), browser automation via Playwright (analyze_token.py), port scanning and basic SQL injection testing. Even if not referenced in the top SKILL.md, those scripts are present and could be executed by the agent if given leeway—this is scope creep and a security concern.
ℹ
Install Mechanism
There is no install spec (instruction-only), which limits automatic installation risk. However the bundle includes scripts that require additional dependencies (Playwright browser, requests, network access). If the agent or a user installs dependencies or runs these scripts, the environment may be extended to run browser automation and network probing. The lack of declared required binaries/envs is inconsistent with included Playwright-based code.
!
Credentials
The skill declares no environment variables or credentials (appropriate for trading helper), but contains scripts that contact arbitrary hosts and perform potentially intrusive actions (port scanning, SQL injection tests, external site scraping). While no secrets are requested, the presence of offensive testing tools is disproportionate and raises abuse/legal risk if executed against third-party targets.
✓
Persistence & Privilege
Flags show always:false and normal agent invocation settings. The skill does not request persistent system-level privileges in metadata. That said, some included scripts could run indefinitely (monitor.py with 'forever') if executed—so runtime behavior could be persistent if invoked.
Scan Findings in Context
[port_scanner_script] unexpected: A port_scanner.py that attempts TCP connects is included. Port scanning is unrelated to trading and can be used for reconnaissance; its presence is unexpected for a trading assistant.
[sql_injector_script] unexpected: A sql_injector.py that crafts injection payloads and probes URLs is present. This is an offensive testing capability not needed for market analysis.
[playwright_automation] unexpected: analyze_token.py uses Playwright to open pages and scrape dynamic content. Browser automation can be reasonable for token analysis, but Playwright introduces heavy dependencies and the script is packaged alongside unrelated offensive tools, increasing risk.
[sandbox_script_executor] unexpected: Files and references to a 'sandbox-script-executor' and 'vulnerability-scanner' suggest the bundle aggregates many separate skills, some of which enable executing arbitrary scripts—this amplifies the potential for abuse.
What to consider before installing
This package is mixed: the visible ai-trading instructions and position_sizing.py look legitimate, but the archive contains many unrelated and potentially dangerous tools (port scanner, SQL injection tester, sandbox executor, etc.). Before installing or running anything: 1) Do not run any scripts you don't understand or that contact external hosts. 2) Ask the publisher for a trimmed package that only contains the trading files you need (SKILL.md, position_sizing.py, templates, references). 3) If you must test, run in an isolated sandbox or VM with no network access and inspect dependencies (Playwright requires browser binaries). 4) Be aware of legal/ethical rules—port scanning and automated injection tests can be illegal or abusive against third-party systems. 5) Prefer official/verified trading skills from known authors, and if you proceed, scan the files for unexpected network calls or credential access and remove offensive tools. If you want, I can list all filenames flagged as unrelated or produce a cleaned manifest containing only the trading-related files.
