Medici Investments Pack
Security checks across malware telemetry and agentic risk
Overview
This is a small markdown-only finance pack that points users to two separate manual installs and does not itself run code or request credentials.
This pack appears safe as provided, but it mainly acts as a pointer to two other investment-analysis skills. Review those separate skills and their Python dependencies before installing, and treat any trading output as informational support rather than financial advice.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.