Stochastic

Security checks across malware telemetry and agentic risk

Overview

This is a simple stochastic-finance reference skill with a disclosed local script that only prints static reference text.

Install only if you want a lightweight local reference for stochastic-finance concepts. Treat the finance and compliance text as generic educational material, not trading, legal, or regulatory advice; the script is executable, but its reviewed behavior is limited to printing static reference sections.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill's trigger guidance is broad and generic for a large class of finance-related requests, which can cause the agent to invoke this skill in situations where a more specific or safer source should be used. While the skill appears to be a reference tool and does not itself contain overtly malicious instructions, overbroad activation can lead to inappropriate tool selection, user confusion, or propagation of generic financial guidance without clear scope boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal