A股技术分析工具包

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simple stock-analysis helper with overstated documentation, not a malicious or system-accessing skill.

Install only if you want a small local example script for basic technical indicators. Do not rely on the advertised CLI commands or the unimplemented analysis categories, and do not use the output as investment advice or an automated trading signal without independent verification.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill advertises concrete technical-analysis capabilities that are not actually implemented, creating a misleading trust boundary for downstream agents or users who may rely on nonexistent analysis when making financial decisions. In a trading-assistance context, this is more dangerous than a generic documentation mismatch because the missing functionality can lead to materially wrong or incomplete market interpretations while appearing authoritative.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal