stock-prediction-daily

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock-prediction and dashboard workflow that fetches public market data and saves local model/report files without evidence of hidden or destructive behavior.

Install only if you are comfortable with the skill fetching public stock-market data, creating local model/result/report files, and using the named companion skills for sector or watchlist analysis. Avoid the documented `kill -9` troubleshooting command unless you have first verified which process is on port 5000; prefer a graceful stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly describes capabilities to read and write local files and make repeated network requests, yet no explicit permissions are declared. This creates a transparency and governance gap: a caller may invoke the skill without realizing it can persist artifacts locally and access external data sources, which increases the risk of unintended data exposure or unsafe execution in broader agent environments.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest uses very broad 'Use when' phrases such as generic stock prediction, training, optimization, evaluation, dashboard, and analysis terms. In agent routing systems, this can cause the skill to activate for ambiguous requests and perform file writes, network fetches, or delegated analysis when the user did not specifically intend to invoke this skill.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Multiple trigger-condition sections are written in expansive natural language like 'when the user asks to train,' 'improve accuracy,' or 'view key sectors,' without clear activation boundaries. In practice this increases the chance of over-triggering powerful behaviors such as model training, external data collection, report generation, and cross-skill invocation beyond the user's precise request.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs saving generated reports and other artifacts into local directories, but it does not present a clear user-facing warning that invocation will write to disk. Silent persistence can surprise users, retain sensitive prompts or derived outputs, and create integrity or storage issues if the skill is auto-invoked repeatedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting guide recommends `lsof -ti:5000 | xargs kill -9`, which force-terminates whatever processes are bound to port 5000 without verification or warning. In an agent skill context, users may copy-paste this blindly, causing denial of service, accidental termination of unrelated applications, and possible data loss because `SIGKILL` prevents graceful shutdown.

VirusTotal

65/65 vendors flagged this skill as clean.
