🐂 UnifiedStock — 多源统一股票数据接口

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Chinese A-share market data tool that makes expected external data-source queries and shows no hidden persistence, credential access, or destructive behavior.

Install it in an isolated Python environment if possible, expect network calls to Chinese financial-data providers, and avoid using it for private watchlists or sensitive research patterns if those queries should not be exposed to third-party market-data services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The activation description is broad enough to trigger on many generic stock-related requests, which can cause over-selection of this skill outside narrowly intended use cases. Overbroad routing increases the chance that a network-enabled skill handles queries unnecessarily, exposing user prompts or context to external providers and interfering with safer or more appropriate tools.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal