MarketPulse (Stocks + Crypto Data)

Security checks across malware telemetry and agentic risk

Overview

MarketPulse is a straightforward market-data skill that sends requested stock and crypto queries to AIsa using an API key, with no evidence of hidden or destructive behavior.

Install only if you trust AIsa with your API key and market queries. Use a dedicated or least-privilege API key where possible, avoid submitting confidential watchlists or proprietary screening criteria unless approved, and monitor API costs or quota usage.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill declares required binaries and an API key in metadata, and the examples clearly perform outbound network access with an Authorization header, but no explicit permissions are declared. This creates a transparency and policy-enforcement gap: users or orchestrators may underestimate the skill's ability to access secrets and transmit them to an external service.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal