Xalpha Fund Tool

Security checks across malware telemetry and agentic risk

Overview

This is not clearly malicious, but it presents itself as a fund-analysis helper while the artifacts also enable broader quant, backtesting, data-fetching, package-install, credential-adjacent, and skill-saving workflows.

Review before installing. Use it only if you want a ZVT-style quant/backtesting assistant, not merely a fund-analysis helper. Confirm package installs, generated scripts, market-data downloads, provider or broker credential use, writes to ~/.zvt or ZVT_HOME, and any saved .skill files. Avoid live broker credentials unless the workflow is clearly scoped and you have verified it is simulation-only or explicitly intended for live use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill is marketed as a fund portfolio analysis tool, but its documented pipeline and prompts expand into stock/crypto strategy backtesting and trading execution. This scope mismatch can cause an agent or user to authorize actions with materially different risk than expected, including trading-related workflows that exceed the declared purpose of the skill.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The top-level description frames the skill as fund analysis, while nearby operational documentation introduces trading and execution behavior. This creates deceptive or unsafe affordances: a host system may grant the skill access or expose it to users under a low-risk analytics label when the content actually steers toward higher-risk financial actions.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The human summary materially expands the skill from fund-analysis into a general-purpose quant trading and backtesting assistant using ZVT, including stock, HK, and crypto workflows. This scope drift can mislead the orchestrator or user into invoking capabilities that were not declared, reviewed, or permissioned, increasing the risk of unsafe code generation, unintended market actions, or use of unsupported data/broker integrations.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
Claiming support for crypto, A-share stock screening, and end-to-end backtesting exceeds the declared fund-analysis purpose and effectively advertises undeclared operational scope. In a skill ecosystem, this kind of mismatch is dangerous because downstream systems or users may rely on the broader description and expose the skill to sensitive workflows it was never meant or approved to handle.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
Prompting for broker and generic data-provider selection suggests the skill can participate in broader quant/trading pipelines, which is not justified by a fund-analysis-only scope. While not inherently an exploit primitive, it can steer users into granting unnecessary access, sharing account context, or initiating workflows beyond the reviewed purpose of the skill.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The human-facing summary materially misrepresents the skill as a ZVT-based A-share quant strategy builder, while the rest of the artifact is for xalpha fund analytics. This can cause the host or user to invoke the wrong execution path, install unnecessary packages, and trust incorrect capability boundaries, which is dangerous in a financial-analysis skill because it may lead to invalid code generation or misuse of market/data assumptions.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The architecture and execution narrative describe a stock-trading ZVT pipeline that conflicts with the declared xalpha fund-analysis purpose. In a skill system, this is more dangerous than ordinary documentation drift because execution policies, constraints, and user expectations may be derived from these sections, causing the agent to perform actions under the wrong financial model and safety assumptions.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The post-install and human-summary text actively contradict the rest of the file by advertising ZVT A-share quant strategy building. Because these are high-visibility user-facing sections, they can steer users into unsafe assumptions about execution, coverage, and market support, especially in finance where backtesting and live-trading boundaries matter.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The file introduces stock/crypto-oriented ZVT strategy-building capabilities that are not justified by the stated xalpha fund-analysis scope. This expands the apparent authority of the skill beyond its validated domain, increasing the risk of inappropriate invocation, incorrect dependency installation, and unsafe financial guidance outside the intended tool boundaries.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The listed trigger terms are broad and loosely bounded, which increases the chance that normal conversation about funds, correlations, or convertibles unintentionally activates the skill. In a finance context, accidental invocation is risky because it can lead the agent into sensitive analysis or action-oriented workflows without sufficiently specific user intent.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The global execute trigger combines broad intent matching with generic action verbs such as run, execute, fetch, and collect, making invocation boundaries ambiguous. In this skill's context, that ambiguity is especially dangerous because the documented pipeline includes trading execution, so an agent could escalate from casual discussion to operational steps without strong user confirmation.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The pipeline explicitly includes trading_execution but provides no warning about possible real-world financial impact, account connectivity, or order placement consequences. In a financial skill, omission of that warning can mislead users and host systems into treating the tool as passive analytics when it may participate in market actions with monetary loss potential.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The execute trigger matches broad action verbs combined with positive terms, which can cause unintended invocation during normal conversation. In a finance skill with install and execution behavior, accidental triggering can lead to unnecessary environment changes, data access attempts, or misleading analytical output without sufficiently explicit user intent.

VirusTotal

51/51 vendors flagged this skill as clean.