Back to skill

Security audit

china-stock-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share technical analysis skill that fetches public market data and runs local Python scripts, with no evidence of hidden persistence, credential access, account actions, or destructive behavior.

Install only if you want an A-share/ETF technical-analysis helper. Expect stock names or tickers to be sent to external market-data providers, run dependency setup in a virtual environment, and treat buy/sell/hold outputs as technical reference rather than investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use Python scripts that make outbound HTTP requests and execute shell/CLI commands, but it does not declare those capabilities or permissions. This weakens governance and user/host awareness, making network access and command execution occur implicitly and increasing the risk of unintended data access or execution in environments that rely on permission declarations for sandboxing and review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented purpose presents the skill as a stock trend analyzer, but the behavior also includes real-time market data retrieval with order-book depth and an installation/setup path that invokes pip via subprocess. That mismatch is dangerous because reviewers or orchestration systems may authorize the skill for a narrower purpose than it actually performs, allowing hidden network activity and package installation/execution that materially expand the attack surface and supply-chain risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README tells the agent to invoke this skill for broad, natural-language stock-analysis requests without defining tighter trigger conditions or disambiguation rules. In an agentic environment, this can cause over-invocation on loosely related finance queries, leading to unintended data access, unnecessary tool execution, or action on ambiguous user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.