stock-hot-aisa

Security checks across malware telemetry and agentic risk

Overview

This skill is a market-mover scanner that uses a user-provided AISA API key and does not show hidden local data access, persistence, or destructive behavior.

Install only if you are comfortable providing an AISA_API_KEY for live market summaries. Leave AISA_BASE_URL unset unless you intentionally trust a custom endpoint, and treat the results as informational market analysis rather than financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The description includes broad triggers like 'what is hot' and 'what is moving,' which can overlap with general conversation and cause the skill to activate outside clearly finance-specific contexts. Over-broad invocation increases the chance of unintended execution and unnecessary exposure of the API-backed capability.

Vague Triggers

Low

Confidence: 71% confidence
Finding: The usage guidance says to use the skill for a broad market-movers domain but does not define precise inclusion and exclusion criteria. This can lead to misrouting of loosely related user requests into a skill that makes live API calls and returns market-scanning output when a more appropriate skill should handle them.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal