A Share Stock Dossier

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is transparent about using web research and market-data APIs, with no evidence of hidden credential use, persistence, or destructive behavior.

Install only if you want an agent to perform web-heavy A-share stock research and run the included market-data helper. Avoid putting unnecessary personal financial details into prompts, verify important facts independently, and do not treat generated portfolio actions as automatic trading instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill explicitly instructs use of network-capable tools (`web_search`, `web_fetch`, `browser`) and external market-data scripts, yet no permissions are declared. Undeclared network capability weakens sandboxing and review assumptions, increasing the chance of unvetted outbound access, data exfiltration, or SSRF-style misuse if the runtime honors the behavior rather than the manifest.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding
A large description-behavior mismatch is a security and trust problem because users and reviewers may approve the skill for analyst-grade, evidence-bound workflows while the actual implementation lacks those safeguards and verification steps. That can lead to unsafe reliance on incomplete or fabricated analysis, hidden capability gaps, and misuse of tools under false expectations.

Vague Triggers

Medium
Confidence: 77%
Finding
The invocation text uses broad, common trigger phrases covering many stock-analysis scenarios without tight boundaries. Over-broad activation can cause the skill to run in unintended contexts, leading to unnecessary tool use, overcollection from the web, and financially sensitive advice generation when the user did not clearly request this specialized workflow.

VirusTotal

64/64 vendors flagged this skill as clean.
