Security audit

Darts Forecasting

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as Darts forecasting but contains conflicting ZVT quant-trading, backtesting, broker/provider, and unrelated documentation-tooling instructions that users should review before installing.

Install only if you intentionally want a ZVT/quant-trading and backtesting assistant, not just a Darts forecasting reference. Keep workflows to dry-run or backtest mode, avoid broker or paid-provider credentials unless you understand the permissions, and require explicit confirmation before any data collection, package install, generated skill saving, or trading-related action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (14)

Description-Behavior Mismatch

Severity: High | Confidence: 94%
The skill is described as a Darts forecasting capability, but the documented workflow expands into data collection, storage, target selection, trading execution, and visualization. This scope mismatch can cause an agent or user to invoke the skill for higher-risk financial actions than advertised, including backtesting or live-trading behaviors that require much stronger controls and validation.

Description-Behavior Mismatch

Severity: Medium | Confidence: 87%
The listed use cases focus on Sphinx documentation tooling and Python path utilities, which do not match the stated financial time-series forecasting purpose. This inconsistency undermines trust in the skill definition and increases the chance that unrelated capabilities are accidentally or improperly invoked under a misleading financial label.

Context-Inappropriate Capability

Severity: High | Confidence: 96%
Advertising trading-execution capability in a skill framed as a forecasting library materially raises risk because execution is an action-taking function, not just analysis. If an agent treats this as authorized trading functionality, it could generate or facilitate market orders without the governance, authentication, and human-approval safeguards expected for live financial operations.

Context-Inappropriate Capability

Severity: Medium | Confidence: 81%
Including developer-documentation and local path-management capabilities inside a financial forecasting skill creates a context mismatch that can confuse routing and tool selection. In agent environments, such ambiguity can lead to the wrong workflows being invoked or excessive permissions being granted under an inaccurate capability label.

Description-Behavior Mismatch

Severity: High | Confidence: 98%
The human-facing summary describes a different capability set (ZVT-based A-share quant trading and backtesting) than the declared skill metadata (Darts time-series forecasting). This kind of identity mismatch can mislead users and downstream agents into invoking the skill for unintended financial/trading tasks, causing unsafe tool use, incorrect trust assumptions, and policy/control bypass if routing relies on metadata.

Intent-Code Divergence

Severity: High | Confidence: 99%
The tagline and use cases actively market the skill as a quant strategy/backtesting assistant rather than a Darts forecasting skill, reinforcing a deceptive or inconsistent skill identity. In an agent ecosystem, this increases the chance of incorrect task selection, accidental execution in higher-risk financial contexts, and user reliance on capabilities the skill may not actually implement or govern safely.

Description-Behavior Mismatch

Severity: Critical | Confidence: 99%
The file’s declared identity is a Darts forecasting skill, but its actual behavior and instructions define a ZVT trading/backtesting agent with execution flow, preconditions, hard gates, validation, and skill persistence. This is dangerous because it creates a severe capability misrepresentation: a user or host may authorize a low-risk forecasting tool while actually loading a higher-risk trading workflow with materially different operational and security consequences.

Context-Inappropriate Capability

Severity: High | Confidence: 97%
Embedding direct trading and backtesting capabilities inside a skill presented as a lightweight forecasting library expands the effective privilege and action surface far beyond user expectations. In this context, the mismatch is especially dangerous because finance/trading actions can influence capital allocation decisions and may be invoked under false assumptions about the skill’s scope.

Context-Inappropriate Capability

Severity: High | Confidence: 94%
The same manifest includes unrelated Sphinx documentation tooling use cases alongside forecasting and trading content, showing scope contamination inside a security-sensitive skill definition. This increases ambiguity in intent routing and broadens what may be executed or surfaced, making review, policy enforcement, and safe invocation substantially harder.

Intent-Code Divergence

Severity: High | Confidence: 98%
User-facing post-install and summary text explicitly market the skill as an A-share quant strategy builder with ZVT, directly contradicting the stated Darts forecasting metadata. Contradictory user-facing messaging is a red flag because it can socially engineer operators into trusting and invoking materially different functionality than the top-level description suggests.

Vague Triggers

Severity: Medium | Confidence: 93%
The execute trigger is broad and based on generic intent matching plus common action verbs such as run, execute, backtest, fetch, collect, 跑, and 执行. In a finance-adjacent skill that references trading and backtesting, this can cause unintended activation from ordinary conversation, leading the agent to initiate sensitive analytical or operational workflows without clear user consent.

Vague Triggers

Severity: Medium | Confidence: 84%
Generic trigger phrases around documentation, utilities, and package handling are too broad to safely distinguish this skill from normal coding or documentation requests. This increases the chance of accidental invocation and cross-domain behavior, especially because the same file also mixes finance and developer-tooling concepts.

Vague Triggers

Severity: Medium | Confidence: 91%
The execute trigger combines broad positive terms with generic action verbs like run/execute/backtest/fetch/collect, making accidental or overly permissive activation likely. In a skill that already contains hidden scope expansion into trading and backtesting, broad triggering materially increases the chance of unintended invocation of risky behavior.

Vague Triggers

Severity: Medium | Confidence: 88%
The human-facing prompt encourages broad natural-language requests such as 'tell me what you want; I'll write the code,' which lowers the threshold for unintended invocation and code generation. In the context of a mislabeled finance skill, this increases the risk that users trigger sensitive strategy or execution workflows without appreciating their scope.

VirusTotal

66/66 vendors flagged this skill as clean.