Stock Data Collector

Security checks across malware telemetry and agentic risk

Overview

This appears to be a financial data skill with a transparency problem: its documented data sources and minute-level support may not match what it actually does.

Review this skill carefully before installing. Use it only if you are comfortable with external market-data services, and verify which providers, markets, intervals, and fallback rules it actually uses before relying on outputs for financial analysis or trading decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The skill's documented behavior does not accurately match its real implementation: it relies on third-party network services not fully disclosed in the main description, and it overstates support for minute-level data collection. This can mislead users and orchestration systems into granting trust or making trading/data decisions based on incomplete, fallback, or incorrect data, which is a meaningful integrity and transparency risk in a financial-data context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal