Back to skill

Security audit

Mystock

Security checks across malware telemetry and agentic risk

Overview

This is a real stock-analysis web app, but it shares or exposes sensitive portfolio-related data more broadly than users are clearly told.

Review before installing. Use it only if you are comfortable running an unauthenticated local finance API and sharing stock searches, chat messages, and potentially your portfolio/watchlist with configured data or AI providers. Prefer binding the backend to localhost only, adding authentication, removing the JSONP fallback, and using the default non-AI mode or an explicit opt-in before including portfolio context in chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill explicitly says Claude Code can automatically invoke it for stock-related queries, but it does not define clear boundaries, consent requirements, or confidence thresholds. In a finance context, broad auto-triggering can cause the agent to over-activate on ordinary conversation and present investment-oriented outputs or tools when the user did not clearly request them, increasing the chance of unwanted financial guidance or unnecessary data access.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The top-level description uses very broad trigger language such as 'Use when user asks about stock quotes, market analysis... or portfolio management' without qualification. Because stock and market topics are common and often ambiguous, this can make the agent invoke the skill in contexts where the user is only discussing news, education, or hypothetical scenarios, creating inappropriate tool use in a sensitive financial domain.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The chat endpoint reads the user's portfolio and watchlist, builds a context block from that private data, and sends it to an external AI service via AI_SERVICE.chat(). This is a real privacy issue because investment holdings are sensitive personal financial data, and the code provides no consent gate, minimization, or transmission-time disclosure before sharing it with a third party.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The search endpoint forwards user-supplied keyword text to a third-party stock search API. While this is expected for a search feature and the data is usually less sensitive than portfolio contents, it is still a real external data-sharing path without user-facing notice, so user-entered queries may be exposed to the provider.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The stock search code silently falls back to a third-party Sina suggestion endpoint by dynamically injecting a remote script into the page. This causes user-entered search terms to be disclosed to an external service and executes remote JavaScript in the application's origin, creating both a privacy leak and a supply-chain/XSS-style trust boundary issue.

Ssd 3

Medium
Confidence
95% confidence
Finding
The code appends the user's portfolio and watchlist entries directly into the plain-language chat prompt before submission. This increases leakage risk because sensitive holdings become part of the prompt text itself, making accidental disclosure to the AI provider, logs, traces, prompt history, or downstream tooling more likely than if the data were kept isolated and explicitly scoped.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.