Arcticdb Timeseries

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as an ArcticDB time-series helper, but its instructions expand into ZVT quant strategy, backtesting, broker-related inputs, and automatic skill-writing behavior.

Install only if you intentionally want a ZVT/financial backtesting assistant, not just ArcticDB storage help. Use a virtual environment, pin and review dependencies, keep credentials least-privilege and read-only where possible, and require explicit human approval before any broker-connected or account-affecting action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (12)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is advertised as a time-series storage/query capability, but the body expands into factor computation, target selection, and trading execution workflows. This scope drift can cause an agent to invoke the skill for actions far beyond data management, increasing the chance of unauthorized or unsafe financial operations.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The documentation introduces trading execution capability even though the declared purpose is only time-series storage and query. In an agentic environment, this mismatch can mislead the orchestrator into granting a data skill effective authority over financial decisioning or order placement, creating a high-risk pathway to unintended trades.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The human summary is materially inconsistent with the declared skill metadata: it describes a ZVT quant-trading/backtesting assistant instead of an ArcticDB time-series storage/query skill. This kind of capability mismatch can mislead users and downstream agents into invoking the skill for unintended financial-analysis tasks, increasing the risk of unsafe tool use, incorrect trust assumptions, and execution of workflows outside the approved scope.

Description-Behavior Mismatch

High
Confidence: 92%
Finding
The file content is materially inconsistent with the declared skill purpose: instead of ArcticDB time-series storage/query guidance, it embeds trading-system semantic locks and zvt-specific market preconditions. This mismatch can mislead an agent into invoking unrelated tooling, installing unexpected dependencies, or operating on financial workflows outside the intended scope, increasing the risk of unsafe actions and supply-chain exposure.

Description-Behavior Mismatch

Critical
Confidence: 99%
Finding
The seed content materially contradicts the declared skill purpose: instead of a constrained ArcticDB storage/query skill, it defines a broad ZVT quant-trading and backtesting agent with execution, validation, and strategy-generation behaviors. This kind of scope substitution is dangerous because users or hosts may grant permissions, trust, and execution paths appropriate for data management, while the skill actually attempts to steer into code generation, trading logic, and broader operational control.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest advertises an ArcticDB storage/query skill, but the included use cases extend into sports analytics, styling/reporting, and release/review workflows that are outside the declared capability boundary. This capability sprawl increases the chance of unexpected tool use and privilege misuse because users cannot accurately predict what the skill may do from its name and description.

Context-Inappropriate Capability

Critical
Confidence: 99%
Finding
Embedding trading execution and backtesting logic inside a nominal time-series storage skill is a severe scope escalation. In context, this is more dangerous because financial/trading actions are materially higher risk than storage/query operations; a host expecting benign data access could instead be induced into generating or executing strategy code with financial consequences.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The skill includes logic to generate executable artifacts and persist new skill files, which is unjustified for ArcticDB data management and creates a self-propagating or privilege-expanding pathway. In context, enabling a storage skill to write runnable scripts or installable skills meaningfully increases abuse potential by moving from passive data handling into code and capability deployment.

Intent-Code Divergence

High
Confidence: 98%
Finding
The user-facing summary openly markets the skill as a ZVT quant-strategy assistant, contradicting the declared ArcticDB purpose. This mismatch is dangerous because it confirms that the skill is designed to redirect user expectations and host routing away from the reviewed capability boundary, undermining security review and consent.

Vague Triggers

Medium
Confidence: 92%
Finding
The execute trigger activates when intent matches positive terms and the user uses generic action verbs like run, execute, fetch, collect, or their Chinese equivalents. Such broad matching can cause accidental invocation on ambiguous requests, especially dangerous here because the skill's documented scope already extends into trading-related workflows.

Vague Triggers

Medium
Confidence: 89%
Finding
Several trigger keywords, such as aws, s3, credentials, concat, and performance, are generic and likely to appear in many unrelated conversations. This can cause the skill to be selected outside its intended context, leading to improper handling of credentials or unintended workflow expansion.

Vague Triggers

Medium
Confidence: 82%
Finding
The execution trigger uses very generic verbs and broad positive-term matching, making accidental activation likely during normal conversation. In a skill that already exhibits scope confusion, broad triggering is more dangerous because it increases the chance that unrelated user prompts invoke higher-risk workflows unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.
