Stock Fundamental Analysis

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill runs local Python valuation/data-fetching code and is not malicious, but it overstates how complete its analysis tooling is.

Install only if you are comfortable running local Python code and providing a stock-data API key. Treat the output as partial research support, not a complete fundamental-analysis workflow or investment advice, and verify missing dependencies and data sources before relying on any conclusions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The skill claims comprehensive fundamental analysis, including financial health, growth, industry benchmarking, report interpretation, and structured investment research output, while the detected behavior appears limited to simplified market-data fetching and valuation support. This mismatch can mislead users or downstream agents into placing unwarranted trust in incomplete analysis, creating integrity and decision-risk issues in a financial context.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal