Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
finance-datareader>=0.9.96 pandas>=2.0
- Confidence
- 95% confidence
- Finding
- finance-datareader>=0.9.96
KRX Stock CLI
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Korean stock-market data CLI with minor dependency hygiene concerns, not hidden or destructive behavior.
Install it in a virtual environment if possible, and consider pinning or reviewing dependency versions before use. The tool retrieves public market data through an upstream library, so verify important trading or financial decisions against official KRX or disclosure sources.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
finance-datareader>=0.9.96 pandas>=2.0
- Confidence
- 95% confidence
- Finding
- pandas>=2.0
VirusTotal
67/67 vendors flagged this skill as clean.