Security audit

CN Financial Deep Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed A-share financial analysis/reporting helper with optional local chart and Word export tools; the main risks are dependency hygiene and financial-output caution, not malicious behavior.

Install the optional Python/MCP pieces only if you need charts, Word output, or live A-share data. Use a virtual environment, review the external cn-financial-mcp repository before installing it, and prefer pinned/current patched dependency versions. Treat generated investment recommendations as research assistance only and verify them with official filings or a qualified professional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs the agent to read local files such as report inputs, JSON analysis results, chart directories, and local MCP configuration, yet it declares no permissions. Undeclared file-read capability is risky because it can lead to the host granting broader filesystem access than users expect, and the skill also references path-based commands that may encourage reading arbitrary local content.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases include broad, everyday requests like '这个股票怎么样' and '帮我看看这家公司', which can cause the skill to activate in loosely related conversations. Over-broad invocation increases the chance the agent will pull financial data, read local references, or produce investment-style outputs when the user did not intend to invoke this high-context workflow.

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib>=3.7.0
python-docx>=0.8.11
Pillow>=9.0.0
Confidence
95% confidence
Finding
matplotlib>=3.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib>=3.7.0
python-docx>=0.8.11
Pillow>=9.0.0
Confidence
95% confidence
Finding
python-docx>=0.8.11

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib>=3.7.0
python-docx>=0.8.11
Pillow>=9.0.0
Confidence
98% confidence
Finding
Pillow>=9.0.0

Known Vulnerable Dependency: Pillow==9.0.0 — 10 advisory(ies): CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2024-28219 (Pillow buffer overflow vulnerability); CVE-2023-44271 (Pillow Denial of Service vulnerability) +7 more

Critical
Category
Supply Chain
Confidence
91% confidence
Finding
Pillow==9.0.0

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.