Back to skill

Security audit

StockStar ESG - 证券之星企业ESG信息查询

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ESG stock-rating lookup tool that makes expected outbound web requests and does not show hidden persistence, credential access, or destructive behavior.

Install this if you are comfortable with stock/company search terms being sent to the configured public data providers for ESG lookup. In ambiguous conversations about ESG that are not about listed securities, ask the agent to confirm before running the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill explicitly instructs the agent to invoke a Python script that fetches live ESG data, which implies network access, yet no permissions are declared. Undeclared network capability weakens security review and user/admin visibility into what the skill can access, creating risk of unexpected outbound requests or later capability creep.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad terms such as 'ESG', '评级', '评分', and '公司治理', which can appear in many unrelated conversations. Overbroad activation can cause the skill to run unexpectedly, leading to unintended network calls, wrong-context responses, or leakage of user prompts into external lookups.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The usage examples reinforce ambiguous activation by treating generic phrases like '环境评分', '社会责任评分', and '治理评分' as sufficient triggers without requiring a stock or issuer context. In a broader assistant environment, these terms may match non-financial discussions and cause the skill to engage inappropriately.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.