Security audit

Wealth Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local wealth-management guide, but it gives high-risk trading, offshore, tax, and cross-border asset-transfer guidance without enough legal or risk guardrails.

Review carefully before installing. Treat this as high-risk educational material only, not financial, legal, tax, immigration, or investment advice. Do not use it to plan offshore structures, tax reduction, capital movement, trading, or asset protection without qualified professionals in the relevant jurisdictions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: This calculator explicitly models viral customer-acquisition dynamics, referral payouts, and rapid wealth accumulation using "裂变获客" and multi-layer promotion assumptions. In a wealth-management skill, that context makes it more dangerous because it can operationalize or normalize pyramid-like or unlawful solicitation schemes rather than ordinary financial planning.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger description is extremely broad and activates on generic topics like赚钱方法、投资策略、风险控制、资产配置、税务筹划, which can cause the skill to intervene in ordinary finance conversations without clear user intent. In this context, over-triggering is risky because the skill contains aggressive wealth, offshore, and asset-transfer frameworks that could steer users into regulated or jurisdiction-sensitive advice unexpectedly.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill promotes offshore trusts, family offices, insurance structures, asset protection, tax planning, cross-market hedging, and asset transfer as operational guidance without visible warnings about legality, licensing, tax reporting, sanctions, or jurisdictional variation. Because the content frames these as actionable wealth-preservation steps, users may be nudged toward unlawful evasion, improper financial activity, or reliance on unlicensed advice.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document presents speculative market behavior as if it were governed by strict, predictable laws and explicitly translates that framing into trading entry, timing, and position-management guidance. Because it contains no risk disclosure, uncertainty framing, or warning about losses, users may over-trust the material as reliable financial advice and make harmful trading decisions based on unsupported predictive claims.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The content explicitly advises timing cross-border asset transfers around adverse tax policy, currency devaluation, geopolitical stress, and especially regulatory tightening or capital-flow restrictions, including completing 'asset outflow' during a 'window period.' In a wealth-management skill, this can operationally facilitate evasion of capital controls, sanctions, tax, reporting, or other financial compliance obligations because it presents tactical guidance without legal-risk framing or compliance safeguards.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The document promotes offshore trusts, offshore structures, privacy-focused banking, Swiss gold storage, and second-passport planning primarily in terms of secrecy, tax reduction, asset shielding, and cross-border mobility, but omits balanced warnings about disclosure, source-of-funds checks, anti-money-laundering rules, CRS/FATCA-style reporting, sanctions, and anti-evasion laws. That combination makes the material dangerous because it can normalize or enable concealment-oriented financial behavior under the guise of ordinary wealth planning.

Ssd 4

High

Confidence: 96% confidence
Finding: The narrative escalates from mainstream investing into a strategy where hedging is framed as a means to move assets across borders, then ties relocation decisions to regulatory pressure and capital-flow restrictions. This progression is particularly risky in the skill context because users seeking wealth advice could be steered from lawful planning into potentially illicit asset flight or regulatory evasion without any boundary-setting, legality checks, or refusal logic.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.