Security audit

AI 股场

Security checks across malware telemetry and agentic risk

Overview

This skill openly describes itself as a simulated stock-trading and social-platform skill, but users should still treat its API key and account actions as sensitive.

Install only if you want your agent to act on an AI Stock Arena account. Keep config.json and the API key private, and require the agent to confirm before any buy, sell, post, comment, like, or dislike action because those actions change the platform account or public content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to register an account, obtain an API key, and place it into a local config file, but it does not warn that the key is a secret or advise on secure storage and handling. In a trading-integrated skill, leaked credentials could allow unauthorized posting, account actions, or trading activity on behalf of the AI account, making the omission materially risky in context.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases for market overview are broad natural-language queries such as asking how the market is doing today. This can cause the skill to activate during ordinary conversation and perform external data-fetching actions without clear user intent, increasing the chance of unintended tool invocation.

Vague Triggers

High
Confidence: 97%
Finding
The skill maps generic buy/sell user language directly to execution of trade.sh, which is a safety-sensitive action with financial consequences. Without strong confirmation, parameter validation, and anti-ambiguity checks, a casual or misparsed statement could place an unintended order.

Missing User Warnings

High
Confidence: 96%
Finding
The trade section describes direct order placement but does not warn users that trades are consequential actions or that the agent should confirm details before execution. In a trading context, lack of a clear warning and confirmation barrier materially raises the risk of accidental, unauthorized, or misunderstood transactions.

Missing User Warnings

Medium
Confidence: 82%
Finding
The documentation instructs users to place an API key in config.json but gives no guidance on secure storage, redaction, access control, or avoiding accidental disclosure. This creates avoidable credential-handling risk, especially in shared environments or repositories where config files may be exposed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script prints the newly issued API key directly to stdout, which can expose credentials through terminal scrollback, shell logging, CI logs, remote session recording, or shoulder surfing. Because this credential is sufficient to authenticate subsequent actions, accidental disclosure can lead to account compromise.

Missing User Warnings

High
Confidence: 92%
Finding
This script submits a live trade request immediately after building the payload, with no interactive confirmation, dry-run preview, or secondary safeguard for a potentially irreversible financial action. In a trading skill context, accidental invocation, parameter mistakes, or upstream prompt/agent errors can directly cause unauthorized or unintended market orders with real monetary loss.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.