Back to skill

Security audit

股票技术分析

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is purpose-aligned and does not show hidden or destructive behavior, though it uses an API key and writes local output files.

Install only if you are comfortable providing a revocable, low-privilege stock-data API key and running local Python scripts. Review the external toc-trading StockDataAdapter dependency before use, and keep generated outputs in temporary or project-specific paths to avoid overwriting local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The script accepts a user-controlled --output path and writes fetched data directly to that location, creating an arbitrary file-write capability. In a stock analysis skill, saving analysis artifacts may be operationally convenient, but unrestricted path selection is broader than necessary and can overwrite files or drop data in sensitive locations if the tool is invoked with attacker-controlled arguments.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Arbitrary file writing is not required for the stated purpose of fetching K-line data for technical analysis, so it expands the tool's capabilities beyond its business need. If an attacker can influence CLI arguments or downstream orchestration, they may cause overwriting of local files, placement of crafted JSON in predictable paths, or interference with other processes consuming those files.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad conversational patterns such as asking about trends or buy/sell signals, which can overlap with normal discussion and cause unintended activation. Mis-triggering can lead the agent to call external tools or consume API-backed resources without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requires an external API credential and performs market-data retrieval, but the description does not clearly disclose to the user that external services will be contacted and credentials used. This undermines informed consent and can surprise users with network access, data sharing, or quota/billing effects.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.