Back to skill

Security audit

Stock Deep Report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it should be reviewed because its generated HTML report can include unescaped third-party or user-influenced data and it also persists report details to working memory.

Install only if you are comfortable with third-party finance lookups for the stocks you ask about, local report generation, and working-memory retention of report metadata. Treat generated HTML as untrusted unless the renderer is fixed to escape all data fields consistently, especially when report content is sourced from web pages or search results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to write JSON files under /tmp and generate an HTML file via build.py, but the metadata does not declare file read/write permissions. That creates a capability/permission mismatch that can bypass user expectations and reduce policy enforcement visibility around local file access.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
The skill’s stated purpose is generating a stock HTML report, but Step 4 also requires updating '工作记忆' with analysis details. This introduces extra data persistence beyond the immediate task, which can retain user interests or activity history without being necessary for report generation.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
Persisting working memory is not directly required to fetch market data or render the HTML report. Unnecessary state retention expands the privacy surface and can enable profiling of user trading interests over time.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The file defines an HTML escaping helper, but many later sections interpolate JSON-derived values directly into HTML attributes and element bodies without calling esc(). Examples include table headers/cells, title fields, company/name metadata, analyst/corporate action fields, and other report content. Because the input JSON is AI-collected and potentially adversarial, this enables stored HTML/JavaScript injection in the generated report, which can execute when a user opens the HTML locally or in a browser.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Broad trigger phrases like generic requests about '股票报告' or simply entering a stock code can cause accidental invocation. Because this skill performs network fetches and file generation, overbroad triggering may lead to unintended external requests and local file writes from casual user input.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The header-level trigger keywords are broad and weakly scoped, increasing the chance that the skill activates on incidental finance-related phrases. In context, that matters because activation leads to multi-source data collection, file writes, and report generation.

External Transmission

Medium
Category
Data Exfiltration
Content
| 个股资料(F10) | `https://emweb.securities.eastmoney.com/pc_hsf10/pages/index.html?type=web&code={market}{code}` | 公司概况、财务分析、股东研究 |
| 财务分析 | `{F10_URL}#/cwfx` | 利润表、资产负债表、现金流量表 |
| 股东研究 | `{F10_URL}#/gdyj` | 前十大股东、机构持仓 |
| 资金流向 | `https://data.eastmoney.com/zjlx/{code}.html` | 主力资金净流入、超大单/大单/中单/小单 |
| 融资融券 | `https://data.eastmoney.com/rzrq/detail/{code}.html` | 融资余额、融券余量(仅适用于融资融券标的) |
| 沪深港通持股 | `https://data.eastmoney.com/hsgtcg/stock.html?scode={code}` | 北向/南向资金持仓变化(仅适用于沪深港通标的) |
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 财务分析 | `{F10_URL}#/cwfx` | 利润表、资产负债表、现金流量表 |
| 股东研究 | `{F10_URL}#/gdyj` | 前十大股东、机构持仓 |
| 资金流向 | `https://data.eastmoney.com/zjlx/{code}.html` | 主力资金净流入、超大单/大单/中单/小单 |
| 融资融券 | `https://data.eastmoney.com/rzrq/detail/{code}.html` | 融资余额、融券余量(仅适用于融资融券标的) |
| 沪深港通持股 | `https://data.eastmoney.com/hsgtcg/stock.html?scode={code}` | 北向/南向资金持仓变化(仅适用于沪深港通标的) |
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 股东研究 | `{F10_URL}#/gdyj` | 前十大股东、机构持仓 |
| 资金流向 | `https://data.eastmoney.com/zjlx/{code}.html` | 主力资金净流入、超大单/大单/中单/小单 |
| 融资融券 | `https://data.eastmoney.com/rzrq/detail/{code}.html` | 融资余额、融券余量(仅适用于融资融券标的) |
| 沪深港通持股 | `https://data.eastmoney.com/hsgtcg/stock.html?scode={code}` | 北向/南向资金持仓变化(仅适用于沪深港通标的) |
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 资金流向 | `https://data.eastmoney.com/zjlx/{code}.html` | 主力资金净流入、超大单/大单/中单/小单 |
| 融资融券 | `https://data.eastmoney.com/rzrq/detail/{code}.html` | 融资余额、融券余量(仅适用于融资融券标的) |
| 沪深港通持股 | `https://data.eastmoney.com/hsgtcg/stock.html?scode={code}` | 北向/南向资金持仓变化(仅适用于沪深港通标的) |
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 沪深港通持股 | `https://data.eastmoney.com/hsgtcg/stock.html?scode={code}` | 北向/南向资金持仓变化(仅适用于沪深港通标的) |
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 公司公告 | `https://data.eastmoney.com/notices/stock/{code}.html` | 近30天公告列表 |
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 个股新闻 | `https://so.eastmoney.com/news/s?keyword={股票名称}` | 近30天新闻 |
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
| 龙虎榜 | `https://data.eastmoney.com/lhb/{code}.html` | 龙虎榜上榜记录、席位买卖 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 研究报告 | `https://data.eastmoney.com/report/stock/{code}.html` | 券商研报、分析师评级 |
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
| 龙虎榜 | `https://data.eastmoney.com/lhb/{code}.html` | 龙虎榜上榜记录、席位买卖 |
| 股权质押 | `https://data.eastmoney.com/gpzy/{code}.html` | 大股东质押情况 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 限售股解禁 | `https://data.eastmoney.com/dxljcx/{code}.html` | 解禁时间表 |
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
| 龙虎榜 | `https://data.eastmoney.com/lhb/{code}.html` | 龙虎榜上榜记录、席位买卖 |
| 股权质押 | `https://data.eastmoney.com/gpzy/{code}.html` | 大股东质押情况 |
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 分红配送 | `https://data.eastmoney.com/dividend/{code}.html` | 历史分红记录 |
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
| 龙虎榜 | `https://data.eastmoney.com/lhb/{code}.html` | 龙虎榜上榜记录、席位买卖 |
| 股权质押 | `https://data.eastmoney.com/gpzy/{code}.html` | 大股东质押情况 |

**第3步:使用 `web_fetch` 获取数据**
Confidence
89% confidence
Finding
https://data.eastmoney.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| 公司回购 | `https://data.eastmoney.com/bgsj/{code}.html` | 回购进展 |
| 大宗交易 | `https://data.eastmoney.com/bbsj/{code}.html` | 大宗交易记录 |
| 龙虎榜 | `https://data.eastmoney.com/lhb/{code}.html` | 龙虎榜上榜记录、席位买卖 |
| 股权质押 | `https://data.eastmoney.com/gpzy/{code}.html` | 大股东质押情况 |

**第3步:使用 `web_fetch` 获取数据**
Confidence
89% confidence
Finding
https://data.eastmoney.com/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.