Stock Reporting Interaction

Security checks across malware telemetry and agentic risk

Overview

This stock-reporting skill looks legitimate, but it needs review because it handles sensitive investment data and its documentation describes persistent logs, scheduled alerts, pushes to external channels, and local code that is not bundled with the skill.

Install only if you trust the publisher and have read the local stock_data_adapter source that this skill imports, since that module is not bundled with the skill and is not covered by the findings below. Do not enable the documented cron jobs, memory logging, or external channel alerts unless you are comfortable storing and sending sensitive investment information, and treat any concrete buy/sell prices, stop-losses, or targets as non-professional guidance rather than regulated financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents file-writing behavior via investment logs, memory files, generated reports, and chart outputs, yet no explicit permissions are declared. That creates a capability/permission mismatch that can surprise operators and bypass expected review gates for persistent writes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill claims broad functionality that its code apparently does not implement, including logging, dialogue management, report types, and chart variants. Mismatches between documented and actual security-relevant behavior are dangerous because users and reviewers may rely on privacy, retention, and decision-making controls that do not exist, leading to unsafe operation or incorrect assumptions about what data is handled.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The document says the system should never provide concrete buy/sell instructions, but other sections provide explicit entry ranges, stop-losses, targets, and actionable trading guidance. This inconsistency weakens safety controls and can cause the agent to issue regulated or high-risk financial advice despite stated safeguards.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are broad everyday language, increasing the chance of unintended activation during normal conversation. In this context, accidental activation can initiate report generation, memory writes, alerts, or financial analysis workflows without clear user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill specifies persistent storage of detailed investment trades, decisions, preferences, and inferred long-term profile data without a clear retention notice or consent flow. This is sensitive financial behavioral data, and silent persistence increases privacy, compliance, and secondary-use risks if exposed or repurposed.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill supports distribution of reports and alerts to external messaging channels but does not clearly warn users that portfolio, watchlist, or trading-log data may leave the local environment. In a finance context, this can leak highly sensitive personal investment information to third-party platforms with different retention and access controls.
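The four document-level findings above (the Lp3 permission mismatch, Vague Triggers, Intent-Code Divergence, and the external-channel Missing User Warnings finding) can be reproduced with a small static checker over the skill manifest. The checker below is an added example, not SkillSpector's code or the skill's own; it assumes a SKILL.md-style manifest with `---` frontmatter holding `triggers` and `permissions` lists and an `fs:write` permission name, and both manifests in it are constructed to mirror the findings and their remediation rather than copied from the real skill.

```python
# Static manifest checks mirroring four of the finding categories above.
# Added example, not SkillSpector's or the skill's code. The SKILL.md
# frontmatter layout and the fs:write permission name are assumptions.
import re
from dataclasses import dataclass

# Constructed sample manifest that reproduces the page's findings (not the real skill).
SAMPLE_SKILL = """---
name: stock-reporting-interaction
triggers:
  - "stocks"
  - "how is the market"
  - "generate my portfolio report"
permissions: []
---
The assistant never provides concrete buy/sell instructions.
Every trade and decision is appended to investment_log.md and memory/profile.json.
Daily charts are written to reports/charts/.
Example: AAPL entry range $170-175, stop-loss $162, target $195.
Alerts can be pushed to Telegram or Slack on a cron schedule.
"""

# Constructed hardened variant: declared write scopes, specific triggers,
# no price targets, and an explicit notice that data leaves the machine.
HARDENED_SKILL = """---
name: stock-reporting-interaction
triggers:
  - "generate my portfolio report"
  - "show my watchlist summary"
permissions:
  - fs:write:investment_log.md
  - fs:write:memory/
---
The assistant never provides concrete buy/sell instructions.
Every trade and decision is appended to investment_log.md.
Alerts can be pushed to Telegram; portfolio data leaves the local environment when enabled.
"""

WRITE_RE = re.compile(r"\b(appended|written|saved|stored|logged|persisted)\b", re.I)
DOMAIN_TERMS = {"stock", "stocks", "portfolio", "watchlist", "ticker", "earnings", "report"}
DISCLAIMER_RE = re.compile(r"never provides? concrete buy/sell", re.I)
CONCRETE_RE = re.compile(r"\b(entry range|stop-loss|target)\s*\$\d", re.I)
CHANNEL_RE = re.compile(r"\b(telegram|slack|discord|whatsapp|webhook)\b", re.I)
WARN_RE = re.compile(r"leaves? (?:the|your) local environment|third[- ]party", re.I)


@dataclass
class Finding:
    category: str
    severity: str
    detail: str


def parse_frontmatter(text):
    """Minimal parser for '---' frontmatter: scalar keys, '[]', and '  - item' lists."""
    if not text.startswith("---"):
        return {}, text
    _, front, body = text.split("---", 2)
    meta, key = {}, None
    for line in front.splitlines():
        if line.startswith("  - "):
            meta.setdefault(key, []).append(line[4:].strip().strip('"'))
        elif line.strip():
            key, _, val = line.partition(":")
            key, val = key.strip(), val.strip()
            meta[key] = [] if val in ("", "[]") else val
    return meta, body


def is_vague(trigger):
    # A single word, or a phrase with no finance-domain term, fires on everyday talk.
    words = re.findall(r"[a-z']+", trigger.lower())
    return len(words) <= 1 or not DOMAIN_TERMS & set(words)


def scan_skill(text):
    meta, body = parse_frontmatter(text)
    findings = []
    # Lp3: documented persistent writes with no matching permission declaration.
    writes = sorted({w.lower() for w in WRITE_RE.findall(body)})
    declared = meta.get("permissions", [])
    declared = [declared] if isinstance(declared, str) else declared
    if writes and not any(p.startswith("fs:write") for p in declared):
        findings.append(Finding("MCP Least Privilege", "Medium",
                                f"writes described ({', '.join(writes)}) but no fs:write declared"))
    # Vague Triggers: broad everyday phrases that can fire without user intent.
    vague = [t for t in meta.get("triggers", []) if is_vague(t)]
    if vague:
        findings.append(Finding("Vague Triggers", "Medium", f"overly broad triggers: {vague}"))
    # Intent-Code Divergence: a no-advice disclaimer beside concrete price guidance.
    concrete = CONCRETE_RE.findall(body)
    if DISCLAIMER_RE.search(body) and concrete:
        findings.append(Finding("Intent-Code Divergence", "Medium",
                                f"disclaimer contradicted by {len(concrete)} concrete price instructions"))
    # Missing User Warnings: external channels named without a data-leaves-host notice.
    channels = sorted({c.lower() for c in CHANNEL_RE.findall(body)})
    if channels and not WARN_RE.search(body):
        findings.append(Finding("Missing User Warnings", "High",
                                f"pushes to {', '.join(channels)} without warning that data leaves the host"))
    return findings
```

`scan_skill(SAMPLE_SKILL)` returns the four findings in the order listed; `scan_skill(HARDENED_SKILL)` returns an empty list, because the hardened manifest declares its write scopes, uses triggers that name the domain, drops the price targets, and states that alerts leave the local environment. The regexes are deliberately narrow; a real scanner would widen them and also inspect the skill's code, which this manifest-only pass cannot see (the Tp4 finding above is exactly that gap).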

VirusTotal

VirusTotal findings are pending for this skill version.