Financial Data

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward financial data client that sends market queries and an AISA API key to the AIsa API as part of its normal function.

Install only if you trust AIsa with your financial-data queries and API-key usage. Prefer a dedicated or limited AISA_API_KEY, monitor quota or cost usage, and avoid sending sensitive proprietary portfolio or strategy filters if that disclosure would matter to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The documentation instructs users to send an Authorization bearer token and market query data to a third-party API but never warns that prompts, tickers, filters, and the API key are transmitted off-platform. This is primarily an informed-consent and data-handling issue rather than an exploit, but it can still expose sensitive research activity or credentials to an external service unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal