stock-watchlist-aisa

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned market watchlist skill, with a privacy note that ticker lists are sent to AIsa when checking prices.

Install only if you are comfortable sharing your ticker watchlist with AIsa when you run checks. Avoid using it for sensitive or proprietary watchlists unless the publisher documents the destination, retention, and privacy handling clearly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The skill sends the user's full ticker watchlist to an external service without an explicit runtime warning or consent step. Although tickers are not highly sensitive by default, a watchlist can reveal investment interests or strategy, and the transfer occurs automatically during `check`, increasing privacy and data-handling risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal