AIsa Financial Data

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward financial market-data client that uses an AISA API key to query api.aisa.one.

Install only if you trust AISA with your API key and the market symbols, date ranges, screening filters, or portfolio-style queries you submit. Treat AISA_API_KEY as a secret, avoid logging or hardcoding it, monitor usage costs, and avoid sending confidential trading strategies or private portfolio details unless that third-party sharing is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The documentation repeatedly demonstrates authenticated requests using a bearer token but does not warn that the API key is sensitive or that ticker/query inputs and resulting metadata are transmitted to an external service. This creates avoidable risk of credential mishandling and uninformed data sharing by downstream users or agents.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal