stock-watchlist-aisa

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock and crypto watchlist tool that uses an AISA API key for live checks and stores watchlist data locally.

Install only if you are comfortable sending your watchlist ticker symbols to the configured AISA-compatible API. Keep the AISA API key limited, avoid untrusted AISA_BASE_URL overrides, and verify market data or trading signals with reliable sources before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script sends the user's watchlist tickers to a remote AIsa/OpenAI-compatible API to fetch prices and signals, but it does not provide a clear user-facing disclosure at the point of transmission. While tickers are not highly sensitive by themselves, a watchlist can reveal investment interests or strategy, so silent off-host transmission creates a privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal