Alpha Pulse

Security checks across malware telemetry and agentic risk

Overview

This looks non-destructive, but it overstates a stock-prediction system that is not actually included in the package.

Review before installing. Treat this as an incomplete stock-data scanner, not a ready financial prediction engine. Use an isolated Python environment, pin dependencies, verify any missing code before running it, and do not rely on its output for trading decisions without independent review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states it will 'immediately create' local files and frames that as requiring no user action, but it does not clearly obtain explicit consent for filesystem modification or describe where and what will be written. In an agent setting, this can cause unintended local changes, overwrite existing files, or normalize silent side effects that users did not approve.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal