Portfolio Daily Tracker

Security checks across malware telemetry and agentic risk

Overview

This portfolio tracker is purpose-aligned, but it deserves Review because it can modify financial records, send private reports externally, and install unpinned remote engine code.

Install only if you are comfortable reviewing or trusting the GitHub repository cloned during setup. Keep Feishu/Telegram and OpenAI credentials unset unless you need those features, and require explicit confirmation before any holdings, cash, fund, rebalance, remove, pipeline, or report-send action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 78%
Finding
The Chinese trigger conditions are broad and ambiguous, covering common conversation about holdings, performance, and cash changes without clear confirmation gates. In this skill's context, ambiguous activation is more dangerous because the documented actions include modifying portfolio records, generating reports, and potentially pushing notifications, so a casual statement could trigger unintended state changes or disclosure.

Vague Triggers

Medium
Confidence: 84%
Finding
The top-level description and invocation wording are broad enough that the skill may activate on ordinary portfolio-related conversation without clear user intent to modify holdings or run external actions. In this skill, activation can lead to state-changing portfolio updates, network price fetches, and notification pushes, so ambiguous triggering increases the risk of unintended operations and financial record corruption.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list covers many common finance phrases but lacks strict activation constraints, exclusions, or examples of when the skill must not run. Because the documented workflow includes modifying holdings, cash/fund balances, generating reports, and optional outbound pushes, overbroad matching could cause accidental invocation from casual discussion or hypothetical planning.

Missing User Warnings

Medium
Confidence: 87%
Finding
The tool exposes a single callable that triggers multiple side effects: snapshot generation, report creation, outbound push, and dashboard sync. In an agent context, insufficiently explicit side-effect labeling increases the chance that an LLM or user invokes it without realizing it can send external notifications or modify external systems, leading to unintended disclosure or unauthorized operational actions.

VirusTotal

65/65 vendors flagged this skill as clean.
