Back to skill

Security audit

trading-log

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real trading-log utility, but it stores sensitive financial records permanently and can mutate them from broad triggers without clear controls.

Install only if you are comfortable storing detailed trading history locally in permanent JSON files and sending stock codes to Tencent for live quote lookups. Before use, verify which script path will run, where the data will be stored, whether any scheduled refresh is enabled, and how you will correct or remove mistaken records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The script exposes undocumented destructive and state-altering commands (`清仓` and `修改名称`) that are not declared in the skill metadata. In an agent setting, hidden capabilities are dangerous because callers, reviewers, and policy layers may assume the tool only records trades and computes P/L, while it can also zero out holdings or tamper with portfolio metadata, increasing the risk of unauthorized or misleading actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The top-level description says the skill activates whenever the user mentions buying/selling stocks, positions, or profit/loss, which overlaps with ordinary financial discussion. That broad trigger scope can cause unintended invocation of a stateful tool that records transactions or fetches data when the user may only be asking a question, increasing the risk of accidental data creation and privacy-impacting behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The listed trigger phrases are highly ambiguous terms like '买入', '卖出', '持仓', and '盈亏' without scope boundaries, so normal conversation may accidentally activate the skill. Because this skill performs permanent recordkeeping and can query external services, ambiguous activation is more dangerous than for a read-only utility.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description emphasizes logging trades and computing P/L but does not warn users that it writes and permanently retains detailed trading records. Since the stored data includes timestamps, securities, prices, quantities, reasons, and possibly account information, the omission can lead to uninformed collection of sensitive financial history.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents use of Tencent's quote API for real-time prices but does not provide a clear privacy warning that requests will be sent to an external service. Even if only ticker symbols are transmitted, those requests can reveal user holdings or interests to a third party, which is sensitive in a trading context.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.