Security audit

stock-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a stock-market analysis skill with some rough edges, but its network use, optional scheduling, and local scripts match the advertised purpose and do not show deception or data theft.

Install this only if you are comfortable running local Python scripts that fetch market data from akshare. Use a virtual environment for the unpinned pip dependencies, review or change the hard-coded C:/Users/chenyaoan/Desktop/stock_data.csv path before running auxiliary scripts, and enable the cron task only if you want recurring stock-analysis prompts. Treat the recommendations as informational, not financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The documentation directs the agent to create, list, and delete cron jobs, which gives the skill a persistent task-management capability beyond simple market analysis. Persistent scheduled execution can repeatedly trigger network access or script execution without fresh user intent, making mistakes or abuse longer-lived and harder to notice.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
The skill tells the agent or user to directly edit local skill files to change preferences, normalizing arbitrary modification of files under the skill directory. Even if intended for configuration, this broadens from analysis into local file mutation and can lead to integrity issues, accidental breakage, or misuse if the editing target is not tightly constrained.

Vague Triggers

Medium
Confidence: 89%
Finding
The example trigger phrases are generic natural-language requests like asking to analyze the market or recommend stocks, which can overlap with ordinary user conversation and cause the skill to be invoked unintentionally. In an agent environment, this increases the chance of unexpected execution of analysis scripts and related actions without clear user intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises real-time market retrieval and automatic scheduled analysis but does not clearly disclose that the skill performs external network access and can run autonomously on a recurring schedule. Users may enable or invoke it without understanding the privacy, resource-consumption, and automation implications, which is risky in an agentic system.

Vague Triggers

Medium
Confidence: 76%
Finding
The trigger phrase for market analysis is broad and resembles normal conversation, increasing the chance that the skill activates on ambiguous user requests. In a skill that can run scripts and possibly schedule tasks, accidental activation can cause unintended execution, network calls, or other side effects.

Vague Triggers

Medium
Confidence: 73%
Finding
The sector-analysis trigger is ambiguous and lacks constraints tying it to this skill specifically. Because the skill includes executable actions, vague matching can cause the agent to invoke analysis logic when the user may only be asking a general question about a sector.

Vague Triggers

Medium
Confidence: 84%
Finding
The cancellation phrase is vague and may overlap with unrelated requests to cancel other tasks. In the presence of cron management instructions, this ambiguity can lead to deletion of scheduled jobs the user did not mean to target, causing integrity and availability problems for persistent tasks.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill describes creating and removing scheduled tasks without prominently warning that cron changes are persistent system modifications. Users may not realize they are authorizing background execution that survives the current interaction, which increases the risk of surprise automation and repeated external calls.

Missing User Warnings

Low
Confidence: 72%
Finding
The script writes data to a hard-coded absolute path on the user's desktop without warning or consent, causing unintended file creation and potential overwriting or disclosure to other local users with access to that location. In the context of an analysis skill, this behavior is more concerning because file writes are not essential to merely displaying recommendations, so the side effect is unexpected.

VirusTotal

66/66 vendors flagged this skill as clean.