Back to skill

Security audit

我的技能

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised market quote, news lookup, and optional strategy-summary work, with expected external API calls and a small local cache.

Install only if you are comfortable running the packaged Python script and sending market/news queries to the configured providers. Use dedicated low-privilege API keys, avoid confidential trading research unless you trust the provider endpoints, and clear the local .cache directory if local lookup history matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises executable Python behavior with access to environment variables, filesystem, and networked data sources, but declares no permissions or capability boundaries. This creates a transparency and containment problem: callers and reviewers cannot reliably assess what sensitive resources the skill may access, including API keys and local files, before invocation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared purpose emphasizes market/news retrieval, but the skill also performs strategy analysis and produces action-oriented outputs such as signals, actions, and risk levels. This mismatch can cause downstream agents or users to invoke it under the assumption that it is informational only, when it is actually generating investment-style recommendations that may trigger higher-risk autonomous behavior.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
User-supplied news queries are transmitted to third-party providers without any explicit consent, notice, or minimization. In a market-intel skill, queries may contain sensitive research interests, watchlists, or proprietary investigation targets, so silent external transmission creates a privacy and confidentiality risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
The custom news integration sends user queries to an arbitrary base URL taken from environment configuration, with optional bearer authentication, and no host allowlist or disclosure. This is dangerous because a misconfigured or malicious endpoint can receive sensitive user prompts and associated metadata, effectively creating an exfiltration channel.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.