Akshare Financial Data

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but its documentation mixes a read-only AkShare data tool with ZVT strategy, backtesting, code-writing, credentials, and trading-execution workflows.

Install only if you want a finance/quant workflow helper, not a simple AkShare lookup tool. Review every suggested package install, keep provider or broker credentials out of chat, use an isolated environment, and require explicit confirmation before any generated code, backtest, local data write, or broker-connected workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill is advertised as a financial data access tool, but its documented pipeline explicitly extends into factor computation, target selection, and trading execution. This capability mismatch can cause the agent to invoke the skill for trading-related actions the user did not intend, expanding authority from passive data retrieval into decision support or execution in a finance context.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The top use case is Sphinx documentation configuration, which is unrelated to the declared financial-data purpose of the skill. Such cross-domain mismatch is dangerous because it can route documentation/build requests into a skill with finance-oriented prompts and broad triggers, or conceal non-obvious behavior under an unrelated trusted label.

Intent-Code Divergence

High

Confidence: 97% confidence
Finding: The documentation presents the skill as a financial market data tool, but the stated primary use case is docs-builder setup. This inconsistency undermines operator trust and increases the risk of incorrect tool selection, making it easier for unrelated or higher-risk behavior to be hidden behind benign-seeming finance metadata.

Description-Behavior Mismatch

High

Confidence: 93% confidence
Finding: The human summary materially misrepresents the skill’s purpose: the manifest says this is an Akshare financial data query skill, but the summary describes a ZVT-based quant strategy and backtesting assistant that writes code. This can cause the agent or user to invoke the skill under false assumptions, expanding behavior beyond the declared scope and increasing the chance of unsafe code generation, unintended tool use, or misuse of unsupported data/providers.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The documentation creates scope confusion by claiming Akshare relevance while centering on ZVT workflows, strategy construction, and backtesting. In an agent setting, this kind of mismatch is dangerous because routing, user trust, and downstream actions may rely on the summary text; a misleading summary can trigger the wrong capability path and cause execution of unintended finance-analysis or code-authoring tasks.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The skill metadata says this is an Akshare financial-data query skill, but the seed actually defines a ZVT-centric strategy generation, backtesting, and even documentation workflow. That capability mismatch is dangerous because it can cause the host or user to authorize code generation/execution, data writes, and trading logic under the false expectation of a read-only market-data helper.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The declared architecture includes storage, factor computation, target selection, trading execution, and visualization, far beyond the stated purpose of querying financial data. In skill systems, this kind of hidden expansion materially increases risk because a user invoking a data skill may unknowingly trigger strategy-building or execution-oriented behavior.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The seed contains scaffolding and controls for generating and running backtest/trading scripts and writing outputs, which is inconsistent with a simple financial-data retrieval skill. This is dangerous because it expands from information access into code execution and file creation, increasing the blast radius if the skill is misrouted or invoked with ambiguous prompts.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: User-facing summaries explicitly market the skill as a ZVT A-share quant strategy builder, directly contradicting the Akshare financial-data query description. This misrepresentation increases the chance of unsafe invocation because users and orchestrators may trust the safer metadata while the skill socially primes them toward strategy execution and code generation.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger logic is overly broad, matching common verbs like run, execute, fetch, and collect combined with documentation-related terms. In a multi-skill agent environment, this raises the chance of accidental invocation for ordinary docs or build tasks, which is especially risky here because the skill scope already appears inconsistent and includes trading-oriented workflow language.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill description does not clearly warn that it may perform outbound data fetching and write files, despite the seed defining storage and execution paths. This omission undermines informed user consent and can lead to unexpected network activity or local state changes in environments where a user expects a passive query-only skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal