Back to skill

Security audit

Qc Backtest Master

Security checks across malware telemetry and agentic risk

Overview

This appears to be legitimate QuantConnect automation, but it deserves review because it can upload nearby local files and modify or delete QuantConnect cloud assets without strong confirmation controls.

Install only if you are comfortable giving this skill QuantConnect project-level API authority. Use a dedicated QuantConnect project, inspect the strategy folder before running it, keep secrets out of adjacent .json/.txt/.csv files, and understand that cloud files and early-stopped backtests may be deleted without recovery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares powerful capabilities through metadata requirements and documented workflow behavior—environment secret access, local file reads/writes, shell execution, and network access to a third-party API—but does not declare explicit permissions for those operations. That creates a governance gap: users and enforcement systems may not receive accurate warning about credential use, local file overwrite/upload behavior, and cloud-side destructive actions such as deleting backtests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically reads and uploads every .json, .txt, and .csv file in the strategy directory to QuantConnect, not just files explicitly selected by the user. This can unintentionally exfiltrate sensitive local data such as API keys, notes, credentials, proprietary datasets, or personal information if they happen to reside in the same folder.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script deletes Main.py in the remote QuantConnect project automatically before upload, without confirmation or a safety check. While intended to prevent stale code execution, this can destroy existing cloud project contents unexpectedly and may cause data loss or workflow disruption if the wrong project ID is used.

VirusTotal

43/43 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.