
Security audit

Stocktoday Data

Security checks across malware telemetry and agentic risk

Overview

This stock-data skill is mostly coherent, but users should review its API-token handling because it documents non-HTTPS backup gateways and token self-check calls.

Install only if you are comfortable sending your StockToday API token and query traffic through the StockToday gateway. Keep the gateway on HTTPS, avoid the listed HTTP backup endpoints, do not ask the agent to run token_info unless you need account diagnostics, and approve any CSV/parquet export path before files are written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The documentation says the skill does not upload tokens to any third party, yet the usage examples configure Tushare to send requests to `https://tushare.citydata.club/`, a custom proxy/gateway. That means the token is transmitted to an external service controlled by the skill provider, creating a credential exposure and trust-boundary violation risk if users believe the token stays local or only goes to the upstream vendor.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The `token_info` endpoint invites the agent to handle and submit its active API token to a self-inspection function, which is unnecessary for normal financial-data retrieval and increases secret-handling risk. If the model is induced to call it, token metadata such as validity, permissions, and enabled plugins could be exposed to prompts, logs, downstream tools, or users, aiding reconnaissance and follow-on abuse.

Missing User Warnings

Low
Confidence: 79%
Finding
The skill describes exporting data to CSV/parquet and prescribing output filenames without clearly warning that files will be written locally. Silent or unexpected local writes can expose sensitive research data, clutter user environments, or overwrite existing files if paths are not made explicit and user-approved.

Missing User Warnings

High
Confidence: 98%
Finding
The script hardcodes three HTTP fallback gateways, which means the API token and all requested financial query data may be transmitted without TLS protection if those endpoints are used. This enables passive interception, credential theft, and active man-in-the-middle tampering of responses; in this skill context, that is especially risky because the token authenticates access to a large financial data backend and the returned data may be relied on for analysis or decisions.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.