蜡烛图分析

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward stock chart generator that fetches public market data and saves a chart image locally, with no hidden or destructive behavior found.

Install dependencies from trusted sources, run it only for stock codes you intend to query through the akshare/Tencent data source, and expect it to create or overwrite a PNG chart on your Desktop named after the stock code.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill writes output directly to the user's Desktop without explicit consent, despite the described functionality being only chart generation. Unrequested filesystem writes can leak activity, overwrite existing files with predictable names, or violate sandbox/least-surprise expectations in an agent environment.

VirusTotal

No VirusTotal findings

View on VirusTotal