Back to skill

Security audit

Stockselectionmodel.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate stock-sector research from public market and news data, with no evidence of hidden data theft, account changes, or destructive behavior.

Install only if you are comfortable with the skill running local Node.js scripts, contacting external financial/news services, and saving generated public report data in its local artifact directory. Use a dedicated or rotatable Tavily key if enabling enhanced news, and treat all stock commentary as informational rather than investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes local Node.js scripts that use network access and optional environment variables, but the skill metadata does not declare corresponding permissions or capabilities. This weakens platform-level security review and user awareness, because a seemingly harmless research skill can silently reach external services and consume secrets such as API keys.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose is sector research/report generation, but the file structure and examples also indicate monitoring and alerting behavior via market_monitor.js, including abnormal movement detection and possible periodic polling. Behavior outside the declared scope is dangerous because operators and users may approve a low-risk reporting skill while it actually performs ongoing surveillance-like network activity and generates unsolicited alerts.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad, natural finance questions without clear activation limits, so the skill may activate in many ordinary conversations about markets or stocks. Over-broad invocation can cause unintended external data fetches, excessive monitoring behavior, and responses in contexts where the user did not clearly request this specific tool.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/fetch_news.js:198