Back to skill

Security audit

A Share Dashboard

Security checks across malware telemetry and agentic risk

Overview

This stock dashboard appears purpose-aligned, but it runs an unreviewed helper script from another local skill path when loading market data.

Review before installing or running. Verify and trust the referenced a-share-stock-dossier helper script first, or run this in a controlled environment. Avoid entering sensitive portfolio details unless you are comfortable with both this dashboard and the external helper it executes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This dashboard delegates core data retrieval to a Python script located in another skill's directory outside its own codebase. That creates a trust-boundary violation: if the external skill/script is modified, compromised, or behaves unexpectedly, this dashboard will execute it and consume its output without any integrity check.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The application executes a local Python program as a subprocess to perform dashboard functionality, expanding the attack surface beyond simple presentation logic. In this skill context, users expect stock analysis, not execution of secondary code artifacts, so hidden local code execution is more dangerous because it can inherit the app's privileges and evade review of the displayed file.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The code path fetches data by launching a subprocess but provides no user-facing disclosure that opening or refreshing the dashboard causes execution of another local program. While lack of disclosure is not a code-execution exploit by itself, it is a security-relevant transparency failure that can hide risky behavior and hinder informed consent and review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.