Pine Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Pine Script helper with no executable install behavior; the only notable issues are external documentation lookups and one unnecessary author-local path.

This skill is reasonable to install if you want Pine Script pattern guidance. Before using it with proprietary trading logic, confirm you trust any configured doc-researcher or Ref MCP tools because the skill asks the agent to consult them for syntax checks. The publisher should replace the author-local reference path with a generic or packaged example.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Low

Confidence: 85% confidence
Finding: The hard-coded local filesystem path leaks author-specific environment details that are unrelated to the skill's stated generic purpose. While it does not directly enable code execution, it discloses host naming and directory structure that could aid reconnaissance, reduce portability, and encourage downstream agents or users to rely on inaccessible local resources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal