Mock Trading

Security checks across malware telemetry and agentic risk

Overview

This paper-trading skill is coherent and disclosed: it fetches public crypto prices and updates a local mock portfolio, with no evidence of real trading, credential access, or data theft.

Install only if you are comfortable running a local Python script that updates a chosen portfolio JSON file and contacts CoinGecko for public crypto price data. Use a dedicated portfolio filename, avoid pointing it at important files, and only add heartbeat or cron scheduling if you know how to remove it later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94%
Finding
The skill directs execution of a Python script that reads and writes local files and fetches external market data, yet it declares no permissions at all. This undermines transparency and consent: a user or an enforcement layer that reads only the declaration may treat the skill as passive documentation, while in practice it modifies the filesystem and makes outbound network requests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91%
Finding
The skill description presents it as a paper-trading simulator, but its actual behaviour includes live retrieval of external data, and the description overstates the strategies it supports. Undisclosed network access is security-relevant because it widens the trust boundary: users and policy systems that judge safety from the declared behaviour are not told that the script talks to a remote service at all.
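The two findings above (an undeclared filesystem-write and network capability, and a description that omits the network access) are the kind of gap a static capability check surfaces before a skill is installed. The following is an added example, not SkillSpector's scanner or the skill's own code: it walks the AST of a constructed sample script, records which capabilities the script exercises from its import and call sites, and diffs them against a manifest. The `permissions` list, the capability names (`fs:read`, `fs:write`, `net:outbound`, `exec:shell`) and the list of network modules are assumptions made for this example.

```python
import ast
from typing import Dict, List, Set

# Module roots whose calls imply outbound network access (assumed list for this example).
NETWORK_ROOTS = {"urllib", "requests", "http", "socket", "httpx", "aiohttp"}
WRITE_MODES = set("wax+")

# Constructed sample script resembling a paper-trading updater (not the skill's code).
SAMPLE_SCRIPT = '''
import json
import urllib.request

def fetch_price(coin):
    url = "https://api.coingecko.com/api/v3/simple/price?ids=" + coin + "&vs_currencies=usd"
    with urllib.request.urlopen(url) as resp:
        return json.load(resp)[coin]["usd"]

def update(path):
    with open(path) as f:
        portfolio = json.load(f)
    portfolio["btc_usd"] = fetch_price("bitcoin")
    with open(path, "w") as f:
        json.dump(portfolio, f, indent=2)
'''

# Constructed manifest: declares read access only, so writes and network use are underdeclared.
SAMPLE_MANIFEST = {"permissions": ["fs:read"]}


def _root_name(node: ast.AST) -> str:
    """Leftmost identifier of a dotted call target, e.g. 'urllib' for urllib.request.urlopen."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else ""


def _open_mode(call: ast.Call) -> str:
    """Literal mode passed to open(); defaults to 'r' like the builtin."""
    if len(call.args) >= 2 and isinstance(call.args[1], ast.Constant):
        return str(call.args[1].value)
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            return str(kw.value.value)
    return "r"


def used_capabilities(source: str) -> Set[str]:
    """Capabilities a script actually exercises, derived from its imports and call sites."""
    tree = ast.parse(source)
    module_of: Dict[str, str] = {}  # local name -> root module it was imported from
    caps: Set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                local = (alias.asname or alias.name).split(".")[0]
                module_of[local] = alias.name.split(".")[0]
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                module_of[alias.asname or alias.name] = node.module.split(".")[0]
        elif isinstance(node, ast.Call):
            root = _root_name(node.func)
            mod = module_of.get(root)
            if root == "open":
                caps.add("fs:write" if WRITE_MODES & set(_open_mode(node)) else "fs:read")
            elif mod in NETWORK_ROOTS:
                caps.add("net:outbound")
            elif mod == "subprocess":
                caps.add("exec:shell")
            elif (mod == "os" and isinstance(node.func, ast.Attribute)
                  and node.func.attr in {"system", "popen", "execv"}):
                caps.add("exec:shell")
    return caps


def undeclared_capabilities(source: str, manifest: dict) -> List[str]:
    """Capabilities the script uses that the manifest does not declare."""
    declared = set(manifest.get("permissions", []))
    return sorted(used_capabilities(source) - declared)


if __name__ == "__main__":
    print("used:", sorted(used_capabilities(SAMPLE_SCRIPT)))
    print("undeclared:", undeclared_capabilities(SAMPLE_SCRIPT, SAMPLE_MANIFEST))
```

The check is deliberately conservative: any call into a network module counts as outbound access, and any `open()` with a write, append, exclusive or update mode counts as a filesystem write. Calls built dynamically (`getattr`, `__import__`, `exec`) slip past an AST scan, so a non-empty undeclared list is a reason to read the script, and an empty list is not proof of safety.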

Missing User Warnings

Low
Confidence
78%
Finding
The skill instructs the user to copy a portfolio file and then lets the script modify it repeatedly, including on a schedule via heartbeat or cron, without an explicit warning that the local data will change over time. For a trading simulator this behaviour is expected, but without disclosure it can still produce unintended file changes, confusion about which copy is current, or accidental overwriting of a user-managed file that happened to be pointed at.
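The overview's advice (use a dedicated portfolio file, do not point the script at important files) and the finding above both come down to the same two risks: the script writing to the wrong file, and a scheduled run clobbering data that the user cares about. The following is an added example of how the file-handling side of such a script could be guarded; it is not the skill's own code. It assumes a dedicated directory, a sentinel key (`mock_trading_portfolio`) that only files written by this helper carry, atomic writes through a temporary file, and a `.bak` copy of the previous version; the sample data in `demo()` is constructed.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path

# Marker key that only portfolio files written by this helper carry (assumed convention).
SENTINEL = "mock_trading_portfolio"


class PortfolioPathError(ValueError):
    """Raised when a path or file must not be used as the mock portfolio."""


def resolve_portfolio_path(path, allowed_dir) -> Path:
    """Accept only a .json file inside the dedicated directory, after resolving symlinks."""
    allowed = Path(allowed_dir).resolve()
    target = Path(path).resolve()
    if allowed not in target.parents:
        raise PortfolioPathError(f"{target} is outside the dedicated directory {allowed}")
    if target.suffix != ".json":
        raise PortfolioPathError(f"{target} does not look like a portfolio JSON file")
    return target


def load_portfolio(target: Path) -> dict:
    """Load the portfolio or start a fresh one; never adopt a file this helper did not create."""
    if not target.exists():
        return {SENTINEL: True, "cash_usd": 10000.0, "holdings": {}}
    data = json.loads(target.read_text())
    if not isinstance(data, dict) or data.get(SENTINEL) is not True:
        raise PortfolioPathError(f"{target} is not a mock-trading portfolio; refusing to overwrite it")
    return data


def save_portfolio(target: Path, portfolio: dict) -> None:
    """Write atomically (temp file + rename) and keep the previous version as a .bak copy."""
    portfolio[SENTINEL] = True
    if target.exists():
        shutil.copy2(target, target.with_name(target.name + ".bak"))
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=target.name + ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(portfolio, f, indent=2)
        os.replace(tmp, target)  # atomic on POSIX: a crash leaves either the old or the new file
    except BaseException:
        Path(tmp).unlink(missing_ok=True)
        raise


def demo() -> dict:
    """Exercise the guards on constructed data inside a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d) / "mock-trading"
        base.mkdir()
        p = resolve_portfolio_path(base / "paper.json", base)
        pf = load_portfolio(p)                  # fresh default portfolio
        pf["holdings"]["bitcoin"] = 0.01
        save_portfolio(p, pf)                   # first save creates the file
        save_portfolio(p, load_portfolio(p))    # second save backs up the previous version
        results["round_trip"] = load_portfolio(p)["holdings"]["bitcoin"]
        results["backup_exists"] = p.with_name("paper.json.bak").exists()
        try:
            resolve_portfolio_path(Path(d) / "notes.json", base)
            results["outside_rejected"] = False
        except PortfolioPathError:
            results["outside_rejected"] = True
        foreign = base / "config.json"          # user-managed file that merely sits nearby
        foreign.write_text('{"api_key": "placeholder"}')
        try:
            load_portfolio(resolve_portfolio_path(foreign, base))
            results["foreign_rejected"] = False
        except PortfolioPathError:
            results["foreign_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The sentinel check is what turns "avoid pointing it at important files" from advice into a guarantee: a scheduled run that is misconfigured to point at some other JSON file fails loudly instead of silently replacing its contents, and the `.bak` copy bounds the damage of a bad update to one scheduled cycle.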

VirusTotal

0 of 65 vendors flagged this skill; all 65 returned clean. A clean antivirus verdict only means the files match no known-malicious signatures; it does not evaluate the behavioural findings above (undeclared filesystem and network capabilities, a description that omits the network access), which signature scanners do not assess.