股票分析助手 (Stock Analysis Assistant)

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill mostly matches its purpose, but it needs review because it includes real-looking API keys in documentation and runs external search helper skills with broad environment access.

Install only after reviewing the outbound data flows and credentials. Use your own scoped API keys, assume stock symbols and company queries may go to Tushare, Baidu, Tavily, and the configured LLM provider, and prefer a cleaned version that removes the exposed key strings, narrows triggers, declares Tavily, and avoids passing the full environment to helper subprocesses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill claims to perform stock analysis, but this section expands behavior into external Baidu and Tavily search execution via helper tools in other directories. That broadens the trust boundary, sends user/company query data to third parties, and introduces extra code paths and dependencies that are not necessary for core valuation logic.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The implementation performs broad web/news scraping and heuristic sentiment processing well beyond basic stock analysis. In skill contexts, hidden expansion of capabilities is dangerous because it increases data exposure, pulls in untrusted remote content, and makes behavior less predictable than the manifest suggests.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger list includes broad terms such as "stock", "买点" (buy point), and "卖点" (sell point), which can match common conversational language and cause the skill to activate unexpectedly. In a financial-analysis skill, unintended activation is risky because it may produce investment guidance in contexts where the user did not explicitly request it.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger list contains short, generic phrases that are likely to match normal conversation, causing the skill to activate unintentionally. In this skill, accidental activation is more concerning because it can initiate external lookups and third-party processing of the user's stock-related queries without a clear warning.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation does not warn users that their stock queries and surrounding analysis context may be sent to external services such as search providers or LLM-backed analysis systems. This lack of transparency can expose sensitive trading interests, portfolio context, or proprietary research to third parties without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill sends stock-analysis context to an external LLM without any visible notice, consent flow, or data-handling disclosure. Even if the payload appears low sensitivity, undisclosed transmission to a third-party model can violate privacy expectations, policy requirements, or organizational data-boundary rules, especially when user-provided inputs and derived analysis are included.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This is a second independent external LLM transmission of contextual stock data without visible user disclosure or consent. Repeated undisclosed outbound transfers increase the privacy/compliance risk surface and can expose user intent, requested ticker symbols, and generated analytical context to external services without transparency.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script sends company/stock query data to external search tooling and likely onward to third-party services without an explicit runtime warning or consent flow. Hidden networked lookups matter in a skill environment because users may expect local analysis, not data transmission outside the skill boundary.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
This helper execution crosses into another skill directory and triggers external search behavior without clearly informing the user. The danger is unauthorized data sharing and trust-boundary expansion, especially when the manifest does not prominently disclose these lookups.

Ssd 3

Severity: High
Confidence: 99%
Finding
The release report reproduces previously hardcoded real API keys in plaintext in the "before" example, which is direct secret disclosure. Even though the code was later fixed, publishing the secrets in documentation exposes them to anyone with file access and can enable unauthorized API usage or account abuse until the keys are rotated.

VirusTotal

64/64 vendors flagged this skill as clean.