FireAnt Stock Checker

Security checks across malware telemetry and agentic risk

Overview

This skill performs the disclosed task of looking up Vietnamese stock data through FireAnt using browser automation, with no evidence of hidden data access, persistence, or destructive behavior.

Install this if you are comfortable with a skill that opens Google and FireAnt.vn through OpenClaw browser automation to retrieve stock data. Prefer normal stock symbols or index names as input; avoid pasting arbitrary URLs or unusual strings as symbols.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation advertises executable capabilities that require network access and shell execution, but no permissions are declared. This creates a transparency and policy-enforcement gap: an agent or reviewer may underestimate what the skill can do, while the runtime may still perform external requests and process execution. In this context the functionality is expected for stock lookup, but undeclared capabilities still increase risk because they enable outbound access and command execution without explicit scoping.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal